Today, Immersive's Container 7 Research Team have released two CTI labs for a critical vulnerability in Jenkins that allows for remote code execution.
In October 2025, the Cybersecurity and Infrastructure Security Agency (CISA) added five new vulnerabilities to its known exploited vulnerabilities catalogue, one of which was a critical 2017 vulnerability affecting Jenkins versions 2.56 and earlier and 2.46 LTS and earlier. This vulnerability allowed attackers to gain remote code execution on vulnerable instances.
Why is this critical for you and your team?
Jenkins is a widely used application. Shodan reports confirm that there are 000s of instances exposed to the internet, with the vulnerable versions. With this vulnerability being a critical remote code execution vulnerability, the impact is significant. Understanding how to investigate logs for this attack and understanding how to successfully achieve exploitation is important for any team. Even though it's a 2017 vulnerability, it's a very recent addition to CISA KEV, which illustrates just how significant it is, and that even today, attackers are using this vulnerability to gain footholds and compromise vulnerable victims.
Who is the lab for?
- SOC Analysts
- Incident Responders
- Penetration Testers
- Red Teamers
- Threat Hunters
Here are the links to the labs: