CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-64132

Jenkins MCP Server Plugin 0.84.v50ca_24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud configuration they should not be able to access.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 3.9%

CVSS Severity

CVSS v3 Score 5.4

References

https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3622
http://www.openwall.com/lists/oss-security/2025/10/29/2

Products affected by CVE-2025-64132

Jenkins » Mcp Server » Version: Any

cpe:2.3:a:jenkins:mcp_server:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-64132

Products

Pricing

Contact Us