CVE-2025-54876

Published: Aug 5, 2025

Modified: Jan 23, 2026

PUBLISHED

Description

The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in the nightly prerelease.

Vendor	Product	Versions
JanssenProject	jans	affected `< nightly`

Weaknesses (CWE)

CWE-522

References

https://github.com/JanssenProject/jans/security/advisories/GHSA-2f4x-m695-jvp3

x_refsource_CONFIRM

https://github.com/JanssenProject/jans/pull/11903

x_refsource_MISC

https://github.com/JanssenProject/jans/commit/3592837764fe48b956e3140ca17b8ef7cac00a47

x_refsource_MISC

https://github.com/JanssenProject/jans/discussions/11886

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-54876

Description

Affected Products

Weaknesses (CWE)

References