cvedb.io
CVE-2025-64131
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2025-10-29T14:15:57.133 · Last modified 2026-06-17T09:53:52.950

Summary

Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not implement a replay cache, allowing attackers able to obtain information about the SAML authentication flow between a user's web browser and Jenkins to replay those requests, authenticating to Jenkins as that user.

Affected products

jenkins — saml

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.