Skip to main content

Apica Loadtest CVE-2025-53665

| EUVD-2025-20849 MEDIUM
Plaintext Storage of a Password (CWE-256)
2025-07-09 jenkinsci-cert@googlegroups.com GHSA-28j3-hphh-cjr8
Information Disclosure Jenkins Apica Loadtest
4.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 06:20 euvd
EUVD-2025-20849
Analysis Generated
Mar 16, 2026 - 06:20 vuln.today
CVE Published
Jul 09, 2025 - 16:15 nvd
MEDIUM 4.3

DescriptionNVD

Jenkins Apica Loadtest Plugin 1.10 and earlier does not mask Apica Loadtest LTP authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

AnalysisAI

CVE-2025-53665 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Technical ContextAI

Vulnerability type not specified by vendor.

RemediationAI

Monitor vendor channels for patch availability.

More from same product – last 7 days

CVE-2026-48920 HIGH
8.8 May 27

Arbitrary file disclosure in the Jenkins Email Extension Plugin (email-ext) versions 1933.v45cec755423f and earlier lets
CVE-2026-48922 HIGH
7.5 May 27

Arbitrary file write in the Jenkins Credentials Binding Plugin (version 720.v3f6decef43ea_ and earlier) lets users who c
CVE-2026-48921 HIGH
7.5 May 27

Arbitrary file read on the Jenkins controller is possible in the Jenkins 'Pipeline: Groovy Libraries Plugin' (version 79
CVE-2026-48919 MEDIUM
6.6 May 27

Unsafe deserialization in Jenkins Active Directory Plugin 2.41 and earlier allows a remote attacker holding administrati
CVE-2026-48918 MEDIUM
6.6 May 27

Server-Side Request Forgery in Jenkins Active Directory Plugin 2.41 and earlier enables a highly privileged attacker to

Share

CVE-2025-53665 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy