Vulnerability Description
The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in the nightly prerelease.
References
- https://github.com/JanssenProject/jans/commit/3592837764fe48b956e3140ca17b8ef7ca
- https://github.com/JanssenProject/jans/discussions/11886
- https://github.com/JanssenProject/jans/pull/11903
- https://github.com/JanssenProject/jans/security/advisories/GHSA-2f4x-m695-jvp3
FAQ
What is CVE-2025-54876?
CVE-2025-54876 is a documented vulnerability. The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in ...
How severe is CVE-2025-54876?
CVSS scoring is not yet available for CVE-2025-54876. Check NVD for updates.
Is there a patch for CVE-2025-54876?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.