CVE-2025-64140

Summary

Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins Azure CLI Plugin0 <= 0.9affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References