Vulnerability in Jenkins Aqua_security_scanner

CVE-2025-53653

Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the…

EPSS: 0.002 (9.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-53653?
CVE-2025-53653 is a medium-severity vulnerability in Jenkins Aqua_security_scanner, classified under Missing Encryption of Sensitive Data. CVSS score: 4.3/10. Published 2025-07-09.
How severe is CVE-2025-53653?
Medium severity. CVSS v3 base score is 4.3 out of 10.