PT-2025-4854 · Pmd · Pmd
Hboutemy · Published 2025-01-31 · Updated 2025-01-31 · CVE-2025-23215
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Clear
Name of the Vulnerable Software and Affected Versions
PMD (affected versions not specified)
Description
PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys is included in a jar published to Maven Central. Although the private key itself is not known to have been compromised, its potential compromise must be considered due to the exposed passphrase. As a mitigation, both compromised keys have been revoked to prevent future use.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Information Disclosure
Cleartext Storage of Sensitive Information
Affected Products
Pmd