What is the severity of CVE-2025-31724?

CVE-2025-31724 is considered a moderate severity vulnerability due to the exposure of sensitive vAPI keys.

How do I fix CVE-2025-31724?

To mitigate CVE-2025-31724, update the Jenkins Cadence vManager Plugin to version 4.0.0-283.vxxxx or later.

Who is affected by CVE-2025-31724?

CVE-2025-31724 affects users of the Jenkins Cadence vManager Plugin version 4.0.0-282.v5096a_c2db_275 and earlier.

What are the risks associated with CVE-2025-31724?

The risks of CVE-2025-31724 include unauthorized access to Verisium Manager vAPI keys by users with Extended Read permission on the Jenkins controller.

Where are the vulnerabilities stored in CVE-2025-31724?

In CVE-2025-31724, the Verisium Manager vAPI keys are stored unencrypted in job config.xml files on the Jenkins controller.

Vulnerability/
CVE-2025-31724

medium

4.3

CWE

312 256

2/4/2025

3/4/2025

CVE-2025-31724

First published: Wed Apr 02 2025(Updated: )

Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job `config.xml` files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 stores Verisium Manager vAPI keys encrypted once affected job configurations are saved again.

Credit: jenkinsci-cert@googlegroups.com

Affected Software	Affected Version	How to fix
Cadence vManager Plugin	<=4.0.0-282.v5096a_c2db_275
maven/org.jenkins-ci.plugins:vmanager-plugin	<4.0.1	4.0.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-31724?
CVE-2025-31724 is considered a moderate severity vulnerability due to the exposure of sensitive vAPI keys.
How do I fix CVE-2025-31724?
To mitigate CVE-2025-31724, update the Jenkins Cadence vManager Plugin to version 4.0.0-283.vxxxx or later.
Who is affected by CVE-2025-31724?
CVE-2025-31724 affects users of the Jenkins Cadence vManager Plugin version 4.0.0-282.v5096a_c2db_275 and earlier.
What are the risks associated with CVE-2025-31724?
The risks of CVE-2025-31724 include unauthorized access to Verisium Manager vAPI keys by users with Extended Read permission on the Jenkins controller.
Where are the vulnerabilities stored in CVE-2025-31724?
In CVE-2025-31724, the Verisium Manager vAPI keys are stored unencrypted in job config.xml files on the Jenkins controller.

collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/type
collector/nvd-api
source/NVD
agent/author
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/github-advisory-latest
source/GitHub
alias/GHSA-x9hj-q7xv-fv4v
alias/CVE-2025-31724
collector/nvd-cve
agent/last-modified-date
agent/references
agent/weakness
agent/source
agent/severity
agent/softwarecombine
agent/tags
agent/description
agent/trending
agent/event
vendor/jenkins
canonical/cadence vmanager plugin
package-manager/maven

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.