Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2025-31724

Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

Published: Apr 2, 2025
Updated: Nov 24, 2025
CVE: CVE-2025-31724
GHSA: GHSA-x9hj-q7xv-fv4v
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-256
CWE-312

OWASP TOP 10:

A2 - Broken Authentication
A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
org.jenkins-ci.plugins / vmanager-plugin	-	4.0.1
jenkins / cadence_vmanager	-	4.0.1-286.v9e25a_740b_a_48

https://github.com/jenkinsci/vmanager-plugin/commit/9e25a740ba4837ef528c73b621259e840ef0db75
https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3537

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo