The vulnerability identified as CVE-2025-64135 affects the Jenkins Eggplant Runner Plugin, specifically versions 0.0.1.301.v963cffe8ddb_8 and earlier. The issue arises because the plugin sets the Java system property jdk.http.auth.tunneling.disabledSchemes to an empty string, effectively disabling a built-in security mechanism in the Java runtime environment. Normally, this property restricts which HTTP authentication schemes are allowed when tunneling through proxies, preventing unauthorized or insecure authentication methods from being used. By clearing this property, the plugin removes these restrictions, potentially enabling attackers to exploit HTTP proxy authentication mechanisms to bypass security controls. This could facilitate man-in-the-middle attacks, credential interception, or unauthorized access to internal services within CI/CD pipelines that utilize Jenkins and this plugin. Although no public exploits have been reported, the vulnerability is significant because it undermines a fundamental Java security feature and affects environments where Jenkins is used for automated testing and deployment workflows. The lack of a CVSS score indicates that the vulnerability is newly published and not yet fully assessed, but the technical details suggest a serious risk. The plugin's role in integrating Eggplant test automation tools into Jenkins means that organizations using this setup could have their build and test environments compromised if exploited. The vulnerability does not require user interaction but does require the presence of the vulnerable plugin version, making it a risk primarily for Jenkins administrators and DevOps teams. The absence of patches at the time of publication necessitates immediate attention to configuration and monitoring to mitigate potential exploitation.

For European organizations, the impact of CVE-2025-64135 could be substantial, especially for those heavily reliant on Jenkins for continuous integration and deployment processes. The vulnerability could allow attackers to bypass HTTP proxy authentication controls, potentially leading to unauthorized access to internal network resources, interception of sensitive build and test data, and manipulation of automated workflows. This could compromise the confidentiality and integrity of software development pipelines, resulting in the introduction of malicious code or leakage of proprietary information. Organizations in sectors such as finance, manufacturing, telecommunications, and critical infrastructure that use Jenkins and the Eggplant Runner Plugin are at heightened risk. The disruption or compromise of CI/CD environments can delay software releases, cause operational downtime, and damage organizational reputation. Furthermore, given the interconnected nature of modern development environments, exploitation could serve as a pivot point for broader network intrusions. The lack of known exploits in the wild provides a window for proactive mitigation, but the potential for severe impact mandates urgent action.

To mitigate CVE-2025-64135, European organizations should first identify all Jenkins instances using the Eggplant Runner Plugin and verify the plugin version. Until an official patch is released, administrators should manually override the Java system property jdk.http.auth.tunneling.disabledSchemes to restore its default value, which typically includes disabling certain insecure HTTP authentication schemes. This can be done by setting the property explicitly in the Jenkins startup parameters or Java runtime environment configuration. Additionally, organizations should restrict network access to Jenkins servers, enforce strict proxy authentication policies, and monitor HTTP proxy logs for unusual authentication attempts. Implementing network segmentation to isolate CI/CD infrastructure reduces the attack surface. Regularly auditing plugin configurations and applying the principle of least privilege to Jenkins service accounts will limit potential damage. Once a vendor patch is available, prompt updating of the Eggplant Runner Plugin is essential. Finally, integrating security scanning tools into the CI/CD pipeline can help detect anomalous behavior indicative of exploitation attempts.