The Jenkins security advisory describes a widespread pattern of authentication bypasses, missing permission checks, and credential exposure issues that together threaten enterprise CI/CD infrastructure.
Organizations running affected versions must prioritize patching to prevent unauthorized access and privilege escalation attacks.
The most critical vulnerability is in the SAML plugin, tracked as CVE-2025-64131 with a CVSS 3.1 score of 8.4.
The plugin failed to implement a replay cache in versions 4.583.vc68232f7018a and earlier, allowing attackers to intercept and replay SAML authentication requests between a user’s web browser and Jenkins.
This authentication bypass gives attackers full access to the victim's account without needing that user's credentials.
The attack requires only that threat actors obtain information about the SAML authentication flow; once captured, replayed requests authenticate them as legitimate users.
Jenkins addressed this critical vulnerability by implementing proper replay cache protection in version 4.583.585.v22ccc1139f55, making immediate updates essential for affected deployments.
Organizations relying on SAML-based authentication should prioritize updating to patched versions to eliminate this attack surface.
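The fix described above is a replay cache: the service provider remembers each assertion ID until its validity window ends and refuses any second presentation. The following is an added illustration of that mechanism (example code, not the SAML plugin's own implementation); the clock parameter and the assertion IDs are constructed for the demonstration.

```python
"""Replay cache for SAML assertion IDs (added example, not the plugin's code)."""
import threading
import time


class ReplayCache:
    """Remembers accepted assertion IDs until their NotOnOrAfter instant passes."""

    def __init__(self, clock=time.time):
        self._seen = {}               # assertion ID -> expiry (epoch seconds)
        self._lock = threading.Lock()
        self._clock = clock           # injectable so the demo is deterministic

    def _purge(self, now):
        # Drop entries whose validity window has ended; an expired assertion is
        # rejected by the time check, so it no longer needs to be remembered.
        for aid in [k for k, exp in self._seen.items() if exp <= now]:
            del self._seen[aid]

    def accept(self, assertion_id, not_on_or_after):
        """True the first time an unexpired assertion is presented; False for an
        expired assertion or for any repeat of an ID already accepted."""
        now = self._clock()
        with self._lock:
            self._purge(now)
            if not_on_or_after <= now:
                return False          # outside its validity window
            if assertion_id in self._seen:
                return False          # replay of an assertion already consumed
            self._seen[assertion_id] = not_on_or_after
            return True

    def size(self):
        return len(self._seen)


class FakeClock:
    """Constructed clock so the scenario below runs the same way every time."""

    def __init__(self, now):
        self.now = now

    def __call__(self):
        return self.now


def demo():
    """Walk through: first use accepted, replay rejected, stale entry purged."""
    clock = FakeClock(1000.0)
    cache = ReplayCache(clock=clock)
    first = cache.accept("_assertion-1", not_on_or_after=1300.0)   # accepted
    replay = cache.accept("_assertion-1", not_on_or_after=1300.0)  # rejected
    clock.now = 1301.0                                             # window over
    stale = cache.accept("_assertion-1", not_on_or_after=1300.0)   # rejected
    return first, replay, stale, cache.size()
```

Without the cache, the second call would succeed exactly like the first, which is the bypass the advisory describes.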
| CVE ID | Severity | CVSS Score | Vulnerability Type | Affected Versions | Patched Version |
|---|---|---|---|---|---|
| CVE-2025-64131 | High | 8.4 | Replay Attack | ≤ 4.583.vc68232f7018a | 4.583.585.v22ccc1139f55 |
| CVE-2025-64140 | High | 8.8 | Shell Command Injection | 0.24.v1d0e3e50629e and earlier | 0.25.vb_6e4cbb27d26c |
| CVE-2025-64134 | High | 7.1 | XXE Injection | Affected versions | Patched |
| CVE-2025-64132 | Medium | 6.5 | Missing Permission Checks | ≤ 0.84.v50ca_24ef83f2 | 0.86.v7d3355e6a_a_18 |
| CVE-2025-64149 | Medium | 6.5 | CSRF | Multiple plugins | Varies |
| CVE-2025-64150 | Medium | 6.5 | Missing Permission Check | Multiple plugins | Varies |
| CVE-2025-64135 | Medium | 5.9 | Disabled Security Feature | Affected versions | Patched |
| CVE-2025-64133 | Medium | 5.4 | CSRF | Extensible Choice Parameter | Patched |
| CVE-2025-64138 | Medium | 5.4 | CSRF | Themis Plugin | Patched |
| CVE-2025-64139 | Medium | 5.4 | Missing Permission Check | Multiple plugins | Varies |
| CVE-2025-64141 | Medium | 5.4 | CSRF | Windocks Container Manager | Patched |
| CVE-2025-64142 | Medium | 5.4 | Missing Permission Check | Multiple plugins | Varies |
| CVE-2025-64143 | Medium | 5.7 | Plaintext Token Storage | Multiple plugins | Patched |
| CVE-2025-64144 | Medium | 5.7 | Plaintext Token Storage | Multiple plugins | Patched |
| CVE-2025-64145 | Medium | 5.7 | Credential Masking Issue | Multiple plugins | Patched |
| CVE-2025-64146 | Medium | 5.7 | Plaintext API Key Storage | Multiple plugins | Patched |
| CVE-2025-64147 | Medium | 5.7 | API Key Masking Issue | Multiple plugins | Patched |
| CVE-2025-64148 | Medium | 5.7 | Credential Enumeration | Multiple plugins | Patched |
| CVE-2025-64136 | Medium | 4.3 | CSRF | Multiple plugins | Patched |
| CVE-2025-64137 | Medium | 4.3 | Missing Permission Check | Multiple plugins | Varies |
The MCP Server plugin has several authorization failures in version 0.84.v50ca_24ef83f2 and earlier, rated medium severity and tracked as CVE-2025-64132.
The plugin fails to perform adequate permission checks across several tools, creating pathways for privilege escalation.
Attackers with basic Item/Read permissions can obtain sensitive information about configured source control systems despite lacking Item/Extended Read privileges.
More seriously, the same low-level access allows attackers to trigger new builds of protected jobs without Item/Build permission.
Additional authentication gaps permit unauthenticated users lacking Overall/Read permissions to retrieve names of configured clouds.
Version 0.86.v7d3355e6a_a_18 addresses these authorization oversights through comprehensive permission validation.
The Azure CLI plugin's CVE-2025-64140 is another high-severity vulnerability, with a CVSS score of 8.8.
The plugin fails to restrict shell command execution on the Jenkins controller, allowing attackers with Item/Configure permissions to execute arbitrary system commands with Jenkins process privileges.
JDepend Plugin vulnerability CVE-2025-64134 introduces XML external entity injection through outdated dependencies, potentially exposing secrets or enabling server-side request forgery attacks.
Additional weaknesses include CSRF vulnerabilities across multiple plugins, plaintext storage of authentication tokens and API keys in configuration files, and credential enumeration through missing permission checks.
Several plugins store sensitive credentials unencrypted in config.xml files, viewable by users with Item/Extended Read permissions or direct file system access.
Organizations running affected Jenkins deployments should prioritize patching high-severity vulnerabilities first, particularly SAML plugin replay attacks and Azure CLI command injection flaws.
Enterprise teams must review their plugin inventory against the affected versions list and apply available security updates immediately to secure their CI/CD infrastructure.
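Reviewing a plugin inventory against the affected-version list means ordering Jenkins plugin version strings such as 4.583.vc68232f7018a, where the numeric components carry the ordering and the trailing v-hash does not. The script below is an added example (not a Jenkins tool) that does this for the three plugins with versions given above; the inventory text and the "Git" entry are constructed, and the plugin names are the display names used in this article rather than Jenkins' short plugin IDs.

```python
"""Flag installed Jenkins plugins that fall in an advisory's affected range (added example)."""

# Plugin -> (latest affected version, fixed version), taken from the advisory text above.
ADVISORY = {
    "SAML": ("4.583.vc68232f7018a", "4.583.585.v22ccc1139f55"),
    "Azure CLI": ("0.24.v1d0e3e50629e", "0.25.vb_6e4cbb27d26c"),
    "MCP Server": ("0.84.v50ca_24ef83f2", "0.86.v7d3355e6a_a_18"),
}

# Constructed sample inventory, one "plugin:version" per line.
INVENTORY = """\
# exported plugin list (constructed sample)
SAML:4.583.vc68232f7018a
Azure CLI:0.25.vb_6e4cbb27d26c
MCP Server:0.80.vexample
Git:5.7.0
"""


def numeric_prefix(version):
    """Leading all-digit components as a tuple: '4.583.vc68232f7018a' -> (4, 583).
    Components from the first non-numeric one onward (the v-hash) are ignored."""
    prefix = []
    for part in version.split("."):
        if not part.isdigit():
            break
        prefix.append(int(part))
    return tuple(prefix)


def is_affected(installed, latest_affected):
    # "X and earlier" includes X itself, so equality counts as affected.
    return numeric_prefix(installed) <= numeric_prefix(latest_affected)


def parse_inventory(text):
    inventory = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, version = line.rpartition(":")
        inventory[name] = version
    return inventory


def find_affected(inventory, advisory=ADVISORY):
    """Return (plugin, installed version, fixed version) for each plugin needing an update."""
    return [(name, inventory[name], fixed)
            for name, (latest_affected, fixed) in advisory.items()
            if name in inventory and is_affected(inventory[name], latest_affected)]
```

Plugins not named in the advisory (such as the constructed "Git" entry) are ignored, and a plugin already at or past the fixed version is not reported.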
The post Multiple Jenkins Flaws Include SAML Authentication Bypass and MCP Plugin Permission Issues appeared first on Cyber Security News.