Jenkins Eggplant Runner Plug <=0.0.1.301 jdk.http.auth.tunneling.disabledSchemes
CVE-2025-64135 Published on October 29, 2025
Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe8ddb_8 and earlier sets the Java system property `jdk.http.auth.tunneling.disabledSchemes` to an empty value, disabling a protection mechanism of the Java runtime.
Vulnerability Analysis
CVE-2025-64135 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Insecure Default Initialization of Resource
The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
Products Associated with CVE-2025-64135
Want to know whenever a new CVE is published for Jenkins? stack.watch will email you.
Affected Versions
Jenkins Project Jenkins Eggplant Runner Plugin:- Before and including 0.0.1.301.v963cffe8ddb_8 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.