CVE-2025-53657

Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier does not mask SLM License Access Keys, client secrets, and passwords displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Published: Jul 9, 2025
Updated: Aug 11, 2025
CVE: CVE-2025-53657
GHSA: GHSA-r496-x769-f8j4
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-522

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
org.jenkins-ci.plugins / soapui-pro-functional-testing	-	1.11.x
jenkins / readyapi_functional_testing	-	1.11.x

https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3556

Vulnerability Database

CVE-2025-53657