CSRF Vulnerability in Jenkins Nexus Task Runner Plugin by CloudBees
CVE-2025-64141
4.3 MEDIUM
Key Information:
- Vendor: Jenkins
- CVE Published: 29 October 2025
What is CVE-2025-64141?
A cross-site request forgery (CSRF) vulnerability in the Jenkins Nexus Task Runner Plugin allows attackers to cause a connection to an attacker-specified URL using attacker-defined credentials. The issue affects versions up to and including 0.9.2 and can lead to unauthorized actions being performed on behalf of legitimate users without their consent.
Affected Version(s)
Jenkins Nexus Task Runner Plugin 0 <= 0.9.2