CVE-2025-53658: 
Java vulnerability analysis and mitigation

CVE-2025-53658 is a stored cross-site scripting (XSS) vulnerability affecting Jenkins Applitools Eyes Plugin versions 1.16.5 and earlier. The vulnerability was discovered by Said Abdesslem Messadi from Aix Marseille University and was publicly disclosed on July 9, 2025. The vulnerability affects the Jenkins Applitools Eyes Plugin, which is a Jenkins integration plugin for Applitools visual testing platform (Jenkins Advisory, NVD).

The vulnerability occurs because the plugin fails to properly escape the Applitools URL on the build page. This security flaw is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (NVD, Miggo).

The vulnerability allows attackers with Item/Configure permission to execute stored cross-site scripting attacks through the build page. This could potentially lead to the execution of arbitrary JavaScript code in the context of other users' browsers who view the affected build page (Jenkins Advisory).

The vulnerability has been fixed in Applitools Eyes Plugin version 1.16.6. The fix implements proper input validation that rejects Applitools URLs containing HTML metacharacters. Users are strongly advised to upgrade to this version to mitigate the vulnerability (Jenkins Advisory).