Jenkins has disclosed multiple security vulnerabilities affecting several of its plugins, including a critical authentication bypass in the SAML Plugin (CVE-2025-64131). The official security advisory lists affected plugins such as SAML, MCP Server, Extensible Choice Parameter, JDepend, Eggplant Runner, Themis, Start Windocks Containers, azure-cli, Nexus Task Runner, OpenShift Pipeline, ByteGuard Build Actions, Curseforge Publisher, and Publish to Bitbucket. Administrators are urged to review the advisory and apply the necessary updates to mitigate the risk of exploitation.
The SAML Plugin flaw allows attackers to bypass authentication controls, potentially granting unauthorized access to Jenkins instances. Other plugin vulnerabilities may also expose systems to various risks if left unpatched. Security experts recommend immediate action to update all affected plugins to their latest versions to ensure the integrity and security of Jenkins environments.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
An oss-security mailing list post discussed the multiple vulnerabilities in Jenkins plugins after the advisory's release, reflecting community review and dissemination of the disclosed issues. The post did not clearly introduce a distinct new vulnerability beyond the already disclosed set.
Security reporting summarized the newly disclosed Jenkins plugin vulnerabilities and specifically called out a SAML authentication bypass vulnerability, CVE-2025-64131, as part of the broader set of issues. This amplified awareness of the advisory but did not indicate a separate incident.
Jenkins published a security advisory covering multiple vulnerabilities affecting Jenkins plugins, including issues later highlighted as a SAML authentication bypass tracked as CVE-2025-64131. The advisory marked the initial public disclosure of the plugin flaw wave.
3 references tracked. Mallory keeps watching after this page renders.
seclists.org
Open sourcesecurityonline.info
Open sourcecyber.gc.ca
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.