4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-53654

GHSA ID

GHSA-3c9f-c64m-h4wc

EPSS Score

0.1251%

CWE

CWE-522

Published

7/9/2025

Updated

7/9/2025

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-53654

CVE-2025-53654: Jenkins Statistics Gatherer Plugin vulnerability exposes AWS Secret Key

Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file org.jenkins.plugins.statistics.gatherer.StatisticsConfiguration.xml on the Jenkins controller as part of its configuration.

This key can be viewed by users with access to the Jenkins controller file system.

Additionally, the global configuration form does not mask this key, increasing the potential for attackers to observe and capture it.

As of publication of this advisory, there is no fix.

(GitHub Advisory)

4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-53654

GHSA ID

GHSA-3c9f-c64m-h4wc

EPSS Score

0.1251%

CWE

CWE-522

Published

7/9/2025

Updated

7/9/2025

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins.plugins.statistics.gatherer:statistics-gatherer	maven	<= 2.0.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

J*nkins St*tisti*s **t**r*r Plu*in *.*.* *n* **rli*r stor*s t** *WS S**r*t K*y un*n*rypt** in its *lo**l *on*i*ur*tion *il* `or*.j*nkins.plu*ins.st*tisti*s.**t**r*r.St*tisti*s*on*i*ur*tion.xml` on t** J*nkins *ontroll*r *s p*rt o* its *on*i*ur*tion.

Reasoning

No *n*lysis *v*il**l*

4.3

Basic Information

Concerned about an active attack path?

CVE-2025-53654: Jenkins Statistics Gatherer Plugin vulnerability exposes AWS Secret Key

4.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI