Vulnerability in Jenkins Ibm_cloud_devops

CVE-2025-53663

Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the…

EPSS: 0.002 (11.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-53663?
CVE-2025-53663 is a medium-severity vulnerability in Jenkins Ibm_cloud_devops, classified under Missing Encryption of Sensitive Data. CVSS score: 6.5/10. Published 2025-07-09.
How severe is CVE-2025-53663?
Medium severity. CVSS v3 base score is 6.5 out of 10.