CVE-2025-31724

4.3 MEDIUM

📋 TL;DR

The Jenkins Cadence vManager Plugin stores Verisium Manager vAPI keys unencrypted in job configuration files on the Jenkins controller. This allows users with Extended Read permission or filesystem access to view these sensitive credentials. Organizations using affected plugin versions are vulnerable to credential exposure.

💻 Affected Systems

Products:
  • Jenkins Cadence vManager Plugin
Versions: 4.0.0-282.v5096a_c2db_275 and earlier
Operating Systems: All platforms running Jenkins
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Jenkins instances using the Cadence vManager Plugin with Verisium Manager vAPI keys configured in jobs.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain access to Verisium Manager vAPI keys, enabling unauthorized access to Cadence verification systems, potential data exfiltration, or manipulation of verification results.

🟠 Likely Case

Internal users with Extended Read permission inadvertently or intentionally access API keys, leading to unauthorized API calls or credential reuse in other systems.

🟢 If Mitigated

With proper access controls and monitoring, exposure is limited to authorized administrators only, minimizing credential misuse.

🌐 Internet-Facing: LOW - This requires access to Jenkins controller filesystem or Extended Read permissions, which are typically not exposed to the internet.
🏢 Internal Only: MEDIUM - Internal users with Extended Read permission or filesystem access can view sensitive credentials, posing insider threat risks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Requires only file read access or Extended Read permission.

Exploitation requires existing access to Jenkins controller filesystem or Extended Read permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to Jenkins Cadence vManager Plugin version 4.0.0-283.v5096a_c2db_276 or later

Vendor Advisory: https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3537

Restart Required: Yes

Instructions:

1. In Jenkins, navigate to Manage Jenkins > Manage Plugins
2. Go to the Available tab and search for 'Cadence vManager Plugin'
3. Check for updates and install version 4.0.0-283.v5096a_c2db_276 or later
4. Restart Jenkins after installation completes

🔧 Temporary Workarounds

Restrict Extended Read Permissions

Platform: all

Limit users with Extended Read permission to trusted administrators only.

# Review and modify Jenkins permissions via Manage Jenkins > Manage and Assign Roles
# Remove Extended Read permission from non-administrative users

Secure Jenkins Controller Filesystem

Platform: all

Restrict filesystem access to the Jenkins controller to authorized administrators only.

# Set appropriate filesystem permissions (e.g., chmod 600 on config.xml files)
# Use access controls to limit who can access the Jenkins controller server

🧯 If You Can't Patch

  • Rotate all exposed Verisium Manager vAPI keys immediately
  • Audit and remove Extended Read permissions from non-essential users

🔍 How to Verify

Check if Vulnerable:

Check the Jenkins plugin manager for the Cadence vManager Plugin version. If the version is 4.0.0-282.v5096a_c2db_275 or earlier, the system is vulnerable.

Check Version:

Check Jenkins web UI at Manage Jenkins > Manage Plugins > Installed tab, or examine $JENKINS_HOME/plugins/cadence-vmanager/META-INF/MANIFEST.MF

Verify Fix Applied:

Verify plugin version is 4.0.0-283.v5096a_c2db_276 or later in Manage Jenkins > Manage Plugins > Installed tab.
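
Added example (not from the advisory or the plugin's code): a controller-side audit of job config.xml files that reports key-like fields still holding unencrypted text and files readable beyond their owner, matching the chmod 600 workaround above. The plugin id fragment, the tag-name pattern and the sample element names are assumptions; only tag names are reported, never values.

```python
import os, re, stat, sys
import xml.etree.ElementTree as ET

# Assumptions, not taken from the advisory: the plugin id fragment and the
# tag-name pattern for key fields. Adjust both to what your config.xml uses.
PLUGIN_ID = "vmanager"
KEY_TAG = re.compile(r"key|secret|token", re.I)
# Jenkins serialises an encrypted hudson.util.Secret as base64 inside braces.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")

def plaintext_key_fields(raw):
    """Return tag names of key-like plugin fields holding unencrypted text."""
    # Jenkins writes an XML 1.1 declaration; Python's expat parser accepts only 1.0.
    raw = re.sub(rb"^<\?xml version=['\"]1\.1['\"]", b"<?xml version='1.0'", raw)
    hits = []
    def walk(elem, inside):
        inside = inside or PLUGIN_ID in elem.get("plugin", "")
        text = (elem.text or "").strip()
        if inside and KEY_TAG.search(elem.tag) and text and not ENCRYPTED.match(text):
            hits.append(elem.tag)  # the tag name only, never the value
        for child in elem:
            walk(child, inside)
    walk(ET.fromstring(raw), False)
    return hits

def audit_home(jenkins_home):
    """Yield (path, mode, group_or_other_access, plaintext_fields) per job config."""
    for root, _dirs, files in os.walk(os.path.join(jenkins_home, "jobs")):
        if "config.xml" in files:
            path = os.path.join(root, "config.xml")
            mode = stat.S_IMODE(os.stat(path).st_mode)
            with open(path, "rb") as fh:
                fields = plaintext_key_fields(fh.read())
            yield path, oct(mode), bool(mode & 0o077), fields

# Constructed sample; element names and values are hypothetical.
SAMPLE = b"""<?xml version='1.1' encoding='UTF-8'?>
<project><builders><exampleBuilder plugin="vmanager@0.0.0">
  <vAPIUser>ci</vAPIUser>
  <vAPIKey>CONSTRUCTED-NOT-A-REAL-KEY</vAPIKey>
  <otherKey>{AQAAABAAAAAQY29uc3RydWN0ZWQ=}</otherKey>
</exampleBuilder></builders></project>"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for row in audit_home(sys.argv[1]):
            print(*row, sep="\t")
    else:
        print(plaintext_key_fields(SAMPLE))
```

Run it with the Jenkins home directory as its only argument; without an argument it audits the constructed sample.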

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to Jenkins controller filesystem
  • Unusual API calls to Verisium Manager using potentially exposed keys

Network Indicators:

  • Unexpected outbound connections to Cadence/Verisium systems from Jenkins controller

SIEM Query:

source="jenkins" AND ((event="File access" AND file="*config.xml") OR (event="API call" AND destination="verisium"))
