Insufficiently protected credentials in Testsigma Test Plan run - CVE-2025-53661


Published: July 29, 2025 / Updated: July 30, 2025


Vulnerability identifier: #VU113429
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-53661
CWE-ID: CWE-522
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Jenkins
Affected software:
Testsigma Test Plan run

Detailed vulnerability description

The vulnerability allows a remote authenticated user to obtain the Testsigma API keys stored by the plugin.

The vulnerability exists because the affected plugin stores Testsigma API keys unencrypted in job config.xml files on the Jenkins controller as part of the job configuration, instead of using the encrypted Secret type Jenkins provides for such fields. A remote user who can read the job configuration (for example, a user holding Item/Extended Read permission, which exposes config.xml through the web UI and REST API) or who has access to the controller file system can recover the key and use it against the associated Testsigma account with whatever privileges that key carries.
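As an added example (not code from the Testsigma plugin, from Jenkins, or from this advisory), the following Python script shows the check a Jenkins administrator would run to find such plaintext keys: it parses job config.xml documents, selects elements whose names suggest a secret, and flags values that are not in the shape Jenkins uses for an encrypted hudson.util.Secret (a base64 string wrapped in braces). The element names and key values in the constructed sample configurations are assumptions for illustration, not the plugin's real XML schema.

```python
"""Find credentials stored in plaintext in Jenkins job config.xml files.

Added example, not code from the Testsigma plugin or from Jenkins.
Element names and values in the constructed samples below are assumptions.
"""
from __future__ import annotations

import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Element names that commonly carry a secret; tune for the plugins you run.
SECRET_TAG_RE = re.compile(r"api[-_]?key|token|secret|password", re.IGNORECASE)

# Values serialized from hudson.util.Secret look like "{<base64>}".
# Anything in a secret-like element that does not match is treated as plaintext.
ENCRYPTED_VALUE_RE = re.compile(r"^\{[A-Za-z0-9+/]+={0,2}\}$")


def looks_encrypted(value: str) -> bool:
    """True if the value has the shape Jenkins uses for an encrypted Secret."""
    return bool(ENCRYPTED_VALUE_RE.match(value.strip()))


def find_plaintext_secrets(config_xml: str) -> list[tuple[str, str]]:
    """Return (element path, value) for secret-like elements holding plaintext."""
    root = ET.fromstring(config_xml)
    findings: list[tuple[str, str]] = []

    def walk(elem: ET.Element, path: str) -> None:
        tag = elem.tag.split("}")[-1]  # strip any XML namespace prefix
        here = f"{path}/{tag}"
        text = (elem.text or "").strip()
        if SECRET_TAG_RE.search(tag) and text and not looks_encrypted(text):
            findings.append((here, text))
        for child in elem:
            walk(child, here)

    walk(root, "")
    return findings


def scan_jobs(jobs_root: Path) -> dict[str, list[tuple[str, str]]]:
    """Scan every config.xml under $JENKINS_HOME/jobs; map file path -> findings."""
    results: dict[str, list[tuple[str, str]]] = {}
    for cfg in jobs_root.rglob("config.xml"):
        hits = find_plaintext_secrets(cfg.read_text(encoding="utf-8"))
        if hits:
            results[str(cfg)] = hits
    return results


# Constructed sample job configurations (element names are assumptions).
PLAINTEXT_CONFIG = """<?xml version='1.0' encoding='UTF-8'?>
<project>
  <builders>
    <com.example.TestPlanRunBuilder>
      <testPlanId>12345</testPlanId>
      <apiKey>tsg-example-plaintext-key-0001</apiKey>
    </com.example.TestPlanRunBuilder>
  </builders>
</project>
"""

# Same job, but with the key stored the way a Secret-typed field would serialize it.
ENCRYPTED_CONFIG = PLAINTEXT_CONFIG.replace(
    "tsg-example-plaintext-key-0001", "{AQAAABAAAAAQZm9vYmFyYmF6cXV4}"
)

if __name__ == "__main__":
    for name, doc in (("plaintext", PLAINTEXT_CONFIG), ("encrypted", ENCRYPTED_CONFIG)):
        for path, value in find_plaintext_secrets(doc):
            # Print only a prefix so the scan itself does not leak the key into logs.
            print(f"{name}: plaintext secret at {path}: {value[:4]}...")
```

On a controller, call scan_jobs(Path("/var/lib/jenkins/jobs")) (or wherever JENKINS_HOME points). The encrypted-shape check is a heuristic: very old Jenkins versions emitted encrypted values as bare base64 without braces, and a plugin may name its field something the regex does not cover, so an empty result is not proof that no plaintext key exists. Any key the scan does report should be treated as exposed and rotated on the Testsigma side.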


How to mitigate CVE-2025-53661

Cybersecurity Help is currently unaware of any official solution to address this vulnerability. Until a fixed plugin release is available, limit who holds Item/Extended Read permission on jobs that use this plugin, restrict access to the controller file system, and rotate any Testsigma API key that has been stored in a job configuration.
