Moderate severity · NVD Advisory · Published Oct 29, 2025 · Updated Nov 4, 2025
CVE-2025-64132
Description
Jenkins MCP Server Plugin 0.84.v50ca_24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud configuration they should not be able to access.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.jenkins.plugins:mcp-server (Maven) | < 0.86.v7d3355e6a | 0.86.v7d3355e6a |
Affected products
- Range: 0
References
- github.com/advisories/GHSA-mrpq-9jr3-rqq9 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-64132 (ghsa, ADVISORY)
- www.jenkins.io/security/advisory/2025-10-29/ (ghsa, vendor-advisory, WEB)
- www.openwall.com/lists/oss-security/2025/10/29/2 (ghsa, WEB)
- github.com/jenkinsci/mcp-server-plugin/commit/59de6a268b4c6844a3a9c6c55a541de183e71a97 (ghsa, WEB)
News mentions
- Jenkins Security Advisory 2025-10-29 · Jenkins Security Advisories · Oct 29, 2025