CVE-2025-53669: 
Java vulnerability analysis and mitigation

CVE-2025-53669 affects the Jenkins VAddy Plugin versions 1.2.8 and earlier. The vulnerability was discovered and reported by Romuald Moisan and Vincent Lardet from Aix Marseille University, and was publicly disclosed on July 9, 2025. This security issue involves the improper display of sensitive authentication information in the Jenkins plugin configuration interface (Jenkins Advisory).

The vulnerability is classified with a Medium severity CVSS v3.1 base score of 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). The technical issue stems from the plugin's failure to mask (hide with asterisks) Vaddy API Auth Keys that are displayed on the job configuration form. This vulnerability is tracked alongside CVE-2025-53668, which relates to the storage of these keys (NVD).

The vulnerability increases the potential for attackers to observe and capture Vaddy API Auth Keys. If exploited, attackers could gain unauthorized access to Vaddy API services using the captured authentication keys. This exposure could lead to unauthorized access to security testing resources and potentially compromise the integrity of security testing workflows (Jenkins Advisory).

As of the security advisory publication on July 9, 2025, no fix is available for this vulnerability in the VAddy Plugin. Organizations using affected versions (1.2.8 and earlier) should implement additional access controls to restrict access to the job configuration interface and monitor for unauthorized access attempts (Jenkins Advisory).