Vulnerability Database

318,389

Total vulnerabilities in the database

CVE-2025-64132

Jenkins MCP Server Plugin 0.84.v50ca_24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud configuration they should not be able to access.

Published: Oct 29, 2025
Updated: Jan 19, 2026
CVE: CVE-2025-64132
GHSA: GHSA-mrpq-9jr3-rqq9
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
io.jenkins.plugins / mcp-server	-	0.86.v7d3355e6a
jenkins / mcp_server	-	0.86.v7d3355e6a_a_18

http://www.openwall.com/lists/oss-security/2025/10/29/2
https://github.com/jenkinsci/mcp-server-plugin/commit/59de6a268b4c6844a3a9c6c55a541de183e71a97
https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3622

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo