How to fix CVE-2025-53103?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Review data exposure and access controls.

Is Java affected by CVE-2025-53103?

Organizations using JUnit should be aware of moderate risk from CVE-2025-53103, a cleartext storage vulnerability rated CVSS 5.8. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2025-53103

EUVD-2025-19655 MEDIUM

2025-07-01 [email protected]

GHSA-m43g-m425-p68x

5.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 16, 2026 - 01:42 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 01:42 euvd

EUVD-2025-19655

CVE Published

Jul 01, 2025 - 18:15 nvd

MEDIUM 5.8

Description

JUnit is a testing framework for Java and the JVM. From version 5.12.0 to 5.13.1, JUnit's support for writing Open Test Reporting XML files can leak Git credentials. The impact depends on the level of the access token exposed through the OpenTestReportGeneratingListener. If these test reports are published or stored anywhere public, then there is the possibility that a rouge attacker can steal the token and perform elevated actions by impersonating the user or app. This issue as been patched in version 5.13.2.

Analysis

A security vulnerability in JUnit (CVSS 5.8). Remediation should follow standard vulnerability management procedures.

Technical Context

CWE-312 (Cleartext Storage). Affects JUnit.

Affected Products

['JUnit']

Remediation

Monitor vendor channels for patch availability.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +29

POC: 0

Vendor Status

Ubuntu

Priority: Medium

junit5

Release	Status	Version
focal	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
upstream	not-affected	debian: Vulnerable code not present, introduced in 5.12
oracular	ignored	end of life, was needs-triage
questing	needs-triage	-
plucky	ignored	end of life, was needs-triage

Debian

junit5

Release	Status	Fixed Version	Urgency
bullseye	fixed	5.3.2-4	-
bookworm	fixed	5.9.2-1	-
forky, sid, trixie	fixed	5.10.3-1	-
(unstable)	not-affected	-	-

CVE-2025-53103 vulnerability details – vuln.today

Back

CVE-2025-53103

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

CVE-2025-53103

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code