CVE-2025-64140

Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands.

Published Oct 30, 2025

https://github.com/advisories/GHSA-rh72-238f-g26q

CVSS ScoreHigh

8.8

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-64140

Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands.

Published Oct 30, 2025

https://github.com/advisories/GHSA-rh72-238f-g26q

CVSS ScoreHigh

8.8


maven	org.jenkins-ci.plugins/azure-cli	0.1
maven	org.jenkins-ci.plugins/azure-cli	0.2
maven	org.jenkins-ci.plugins/azure-cli	0.3
maven	org.jenkins-ci.plugins/azure-cli	0.4
maven	org.jenkins-ci.plugins/azure-cli	0.5
maven	org.jenkins-ci.plugins/azure-cli	0.6
maven	org.jenkins-ci.plugins/azure-cli	0.7
maven	org.jenkins-ci.plugins/azure-cli	0.8
maven	org.jenkins-ci.plugins/azure-cli	0.9

Ecosystem	Package	Version


maven	org.jenkins-ci.plugins/azure-cli	0.1
maven	org.jenkins-ci.plugins/azure-cli	0.2
maven	org.jenkins-ci.plugins/azure-cli	0.3
maven	org.jenkins-ci.plugins/azure-cli	0.4
maven	org.jenkins-ci.plugins/azure-cli	0.5
maven	org.jenkins-ci.plugins/azure-cli	0.6
maven	org.jenkins-ci.plugins/azure-cli	0.7
maven	org.jenkins-ci.plugins/azure-cli	0.8
maven	org.jenkins-ci.plugins/azure-cli	0.9

Find vulnerabilities. Fix fast with AI.

CVE-2025-64140

CVE-2025-64140