Arbitrary Command Execution Vulnerability in Jenkins Azure CLI Plugin
CVE-2025-64140

8.8HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Azure Cli Plugin
Vendor: CVE Published:; 29 October 2025

What is CVE-2025-64140?

The Jenkins Azure CLI Plugin versions up to 0.9 exhibit a critical flaw by failing to limit the execution of commands on the Jenkins controller. As a result, any user with Item/Configure permissions can execute arbitrary shell commands, potentially leading to unauthorized access or manipulation of the system. This security lapse necessitates immediate attention to mitigate risks associated with unmonitored command execution.

Affected Version(s)

Jenkins Azure CLI Plugin 0 <= 0.9

References

https://www.jenkins.io/security/advisory/2025-10-29/#SECU...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 29, 2025
Vulnerability Reserved
Oct 28, 2025

JSON