Vulnerability in Jenkins Aqua_security_scanner
CVE-2025-53653
Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the…
EPSS: 0.002 (9.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.
Affected products
Weakness classification (CWE)
References
- jenkinsci-cert@googlegroups.com (vendor-advisory, Vendor Advisory)
- af854a3a-2127-422b-91ae-364da2661108
Frequently asked questions
- What is CVE-2025-53653?
- CVE-2025-53653 is a medium-severity vulnerability in Jenkins Aqua_security_scanner, classified under Missing Encryption of Sensitive Data. CVSS score: 4.3/10. Published 2025-07-09.
- How severe is CVE-2025-53653?
- Medium severity. CVSS v3 base score is 4.3 out of 10.