Description

JUnit is a testing framework for Java and the JVM. From version 5.12.0 to 5.13.1, JUnit's support for writing Open Test Reporting XML files can leak Git credentials. The impact depends on the level of the access token exposed through the OpenTestReportGeneratingListener. If these test reports are published or stored anywhere public, then there is the possibility that a rouge attacker can steal the token and perform elevated actions by impersonating the user or app. This issue as been patched in version 5.13.2.

INFO

Published Date :

2025-07-01T18:02:39.060Z

Last Modified :

2025-07-01T18:50:18.904Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-53103 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-53103.

URL Resource
https://github.com/junit-team/junit-framework/commit/d4fc834c8c1c0b3168cd030c13551d1d041f51bc cve-icon cve-icon cve-icon
https://github.com/junit-team/junit-framework/security/advisories/GHSA-m43g-m425-p68x cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-53103 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-53103 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact