CVE-2025-53653

CWE-311 CWE-522 — Insufficiently Protected Credentials5 documents5 sources

Severity

4.3MEDIUM

EPSS

0.0%

top 87.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Aqua Security Scanner Plugin Jenkins Aqua Security Scanner

Timeline

PublishedJul 9

Description

Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:aqua-security-scanner3.2.8

▶CVEListV5jenkins_project/jenkins_aqua_security_scanner_plugin3.2.8

▶NVDjenkins/aqua_security_scanner3.2.8

🔴Vulnerability Details

OSV

Jenkins Aqua Security Scanner Plugin vulnerability exposes scanner tokens↗2025-07-09

▶

GHSA

Jenkins Aqua Security Scanner Plugin vulnerability exposes scanner tokens↗2025-07-09

▶

CVEList

CVE-2025-53653: Jenkins Aqua Security Scanner Plugin 3↗2025-07-09

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2025-07-09↗2025-07-09

▶