Jenkins Hit by Plugin Flaws, SAML Bypass Exposed

The Jenkins project on Thursday issued a critical security advisory revealing multiple vulnerabilities in its plugin ecosystem, including a serious authentication bypass affecting SAML-based logins. Jenkins hit by plugin flaws now faces heightened risks to server integrity and user confidentiality, with attackers potentially gaining unauthorized access through compromised modules.

Among the identified issues is CVE-2025-64131, a high-severity flaw that allows attackers to bypass authentication in specific configurations. In total, the advisory listed over a dozen CVEs, including CVE-2025-64150, CVE-2025-64143, and CVE-2025-64132, each targeting various components within Jenkins plugins. The vulnerabilities range from input validation failures to privilege escalation risks.

Administrators are urged to update affected plugins immediately and review security configurations. Jenkins hit by plugin flaws once again underscores the importance of regular audits and timely patching in continuous integration environments.

For a complete breakdown of the vulnerabilities and recommended remediations, read the official report at

Jenkins Faces Wave of Plugin Flaws, Including SAML Authentication Bypass (CVE-2025-64131)