CVE-2025-53657

MEDIUM

Jenkins ReadyAPI Functional Testing Plugin <1.11 - Info Disclosure

Title source: llm
STIX 2.1

Description

Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier does not mask SLM License Access Keys, client secrets, and passwords displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

References (2)

Scores

CVSS v3 4.3
EPSS 0.0004
EPSS Percentile 12.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-522
Status published
Products (2)
jenkins/readyapi_functional_testing < 1.11
org.jenkins-ci.plugins/soapui-pro-functional-testing 0Maven
Published Jul 09, 2025
Tracked Since Feb 18, 2026