
CVE-2025-53657: Jenkins ReadyAPI Functional Testing Plugin vulnerability exposes secrets

CVSS Score (v3.1): 4.3

Basic Information

EPSS Score: 0.10714%
Published: 7/9/2025
Updated: 7/9/2025
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Package
Package Name: org.jenkins-ci.plugins:soapui-pro-functional-testing
Ecosystem: maven
Vulnerable Versions: <= 1.11
First Patched Version: not listed

Vulnerability Intelligence
Root Cause Analysis

The vulnerability lies in the way the Jenkins ReadyAPI Functional Testing Plugin stores credentials. Analysis of the source code, specifically the JenkinsSoapUIProTestRunner.java file, shows that the plugin uses @DataBoundSetter annotated methods to populate fields from the Jenkins job configuration. The methods setSlmLicenceAccessKey, setPassword, and setSlmLicenseClientSecret all accept String arguments and store them directly as member variables. Jenkins then persists these member variables in the job's config.xml file. Because the fields are plain String types rather than the Jenkins-provided hudson.util.Secret type, the values are written to config.xml in plaintext. Anyone with read access to the job configuration (for example, via Item/ExtendedRead) or to the Jenkins controller's filesystem can therefore read these credentials. The perform method later retrieves the same plaintext values for use in the build, so the secrets are handled unprotected at rest and at build time.
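As an added illustration that is not the plugin's own code, the hypothetical build step below places the String-field pattern the analysis describes beside the hudson.util.Secret replacement; the class, field and display names are assumed, and the readResolve migration is one common way a plugin converts an existing plaintext field when the fix is released.

```java
import hudson.Extension;
import hudson.Launcher;
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.BuildListener;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.Secret;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;

// Hypothetical build step (example only, not the ReadyAPI plugin's code).
public class LicensedTestRunner extends Builder {

    // Vulnerable pattern: a plain String field is serialized by XStream into the
    // job's config.xml exactly as typed. Kept only so readResolve() can migrate it.
    @Deprecated
    private transient String slmLicenseClientSecret;

    // Hardened pattern: a Secret is serialized in encrypted form (keyed by the
    // controller's secret key) and decrypted only when getPlainText() is called.
    private Secret slmLicenseClientSecretSecret;

    @DataBoundConstructor
    public LicensedTestRunner() { }

    @DataBoundSetter
    public void setSlmLicenseClientSecret(Secret value) { this.slmLicenseClientSecretSecret = value; }

    // Bound by an <f:password> control in the Jelly form; the UI never sees plaintext.
    public Secret getSlmLicenseClientSecret() { return slmLicenseClientSecretSecret; }

    // Runs when an old config.xml is deserialized: wrap the legacy plaintext in a
    // Secret so the next save writes the encrypted form instead.
    protected Object readResolve() {
        if (slmLicenseClientSecret != null && slmLicenseClientSecretSecret == null) {
            slmLicenseClientSecretSecret = Secret.fromString(slmLicenseClientSecret);
            slmLicenseClientSecret = null;
        }
        return this;
    }

    @Override
    public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, BuildListener listener) {
        // Decrypt at the point of use only; Secret.toString(null) yields "" and the
        // plaintext must never be written to the build log.
        String clientSecret = Secret.toString(slmLicenseClientSecretSecret);
        return !clientSecret.isEmpty();
    }

    @Extension
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {
        @Override public boolean isApplicable(Class<? extends AbstractProject> jobType) { return true; }
        @Override public String getDisplayName() { return "Licensed test runner (example)"; }
    }
}
```

After this change the job's config.xml carries the Secret's encrypted representation rather than the typed value, so filesystem or configuration read access no longer discloses the credential directly.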


WAF Protection Rules

WAF Rule

Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These credentials can be viewed by
