CVE-2025-53103 MEDIUM

CVE-2025-53103: JUnit OpenTestReportGeneratingListener can leak Git credentials

Vendor Junit-Team
Product junit-framework
Weakness CWE-312 · Cleartext storage
Published July 1, 2025
Last update July 1, 2025

CVSS base score

5.8/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

JUnit is a testing framework for Java and the JVM. From version 5.12.0 to 5.13.1, JUnit's support for writing Open Test Reporting XML files can leak Git credentials. The impact depends on the access level of the token exposed through the OpenTestReportGeneratingListener. If these test reports are published or stored anywhere public, a rogue attacker may be able to steal the token and perform elevated actions by impersonating the user or app. This issue has been patched in version 5.13.2.
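A check for reports already written by an affected version, as an added example that is not code from this record or from the JUnit project: it scans report XML for HTTP(S) URLs that carry credentials in their userinfo part and returns them with the secret redacted. It assumes the token reaches the report through a credential-bearing Git remote URL; the sample XML, its element and attribute names, and the function names are constructed for illustration and are not the real Open Test Reporting schema.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumption: the secret sits in the userinfo part of an http(s) URL,
# i.e. https://user:token@host/path or https://token@host/path.
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample report; element and attribute names are illustrative only.
SAMPLE = """<report>
  <infrastructure>
    <repository originUrl="https://ci-bot:EXAMPLE-TOKEN@git.example.test/org/repo.git"/>
    <link>https://ci.example.test/build/42</link>
  </infrastructure>
</report>"""

def redact(url):
    """Return url with its userinfo replaced, or None if it has no userinfo."""
    parts = urlsplit(url)
    if "@" not in parts.netloc:
        return None
    host = parts.netloc.rsplit("@", 1)[1]  # keeps host:port, drops user[:secret]
    return parts._replace(netloc="REDACTED@" + host).geturl()

def find_credential_urls(xml_text):
    """Return (tag, location, redacted URL) for each credential-bearing URL."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        # Check every attribute value and the element's own text.
        fields = [("@" + name, value) for name, value in elem.attrib.items()]
        fields.append(("text", elem.text or ""))
        for where, value in fields:
            for url in URL_RE.findall(value):
                safe = redact(url)
                if safe:
                    findings.append((elem.tag, where, safe))
    return findings

if __name__ == "__main__":
    # Run over your own build artifacts; a finding means the token in that
    # report should be treated as exposed and rotated.
    for tag, where, url in find_credential_urls(SAMPLE):
        print(f"{tag} {where}: {url}")
```

The findings never contain the secret itself, so the output is safe to paste into a ticket or CI log.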

Key dates

02 Disclosure timeline

July 1, 2025 CVE published
July 1, 2025 Record updated