VYPR
Moderate severityNVD Advisory· Published Oct 29, 2025· Updated Nov 4, 2025

CVE-2025-64132

CVE-2025-64132

Description

Jenkins MCP Server Plugin 0.84.v50ca_24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud configuration they should not be able to access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
io.jenkins.plugins:mcp-serverMaven
< 0.86.v7d3355e6a0.86.v7d3355e6a

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

1