Ref# ADV2025_196 | Date: Jul 15th 2025

---

Jenkins has published a security advisory highlighting vulnerabilities in the following products on July 9th, 2025. It is recommended that you take the necessary precautions by ensuring your products are always updated. 

• Apica Loadtest Plugin – version 1.10 and prior 
• Applitools Eyes Plugin – version 1.16.5 and prior 
• Aqua Security Scanner Plugin – version 3.2.8 and prior 
• Credentials Binding Plugin – version 687.v619cb_15e923f and prior 
• Dead Man’s Snitch Plugin – version 0.1 and prior 
• Git Parameter Plugin – version 439.vb_0e46ca_14534 and prior 
• HTML Publisher Plugin – version 425 and prior 
• IBM Cloud DevOps Plugin – version 2.0.16 and prior 
• IFTTT Build Notifier Plugin – version 1.2 and prior 
• Kryptowire Plugin – version 0.2 and prior 
• Nouvola DiveCloud Plugin – version 1.08 and prior 
• QMetry Test Management Plugin – version 1.13 and prior 
• ReadyAPI Functional Testing Plugin – version 1.11 and prior 
• Sensedia Api Platform tools Plugin – version 1.0 and prior 
• Statistics Gatherer Plugin – version 2.0.3 and prior 
• Testsigma Test Plan run Plugin – version 1.6 and prior 
• User1st uTester Plugin – version 1.1 and prior 
• VAddy Plugin – version 1.2.8 and prior 
• Warrior Framework Plugin – version 1.2 and prior 
• Xooa Plugin – version 0.0.7 and prior 

For more information on these updates, you can follow this URL: 

• Jenkins Security Advisory 2025-07-09 

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.

PDF Download: Jenkins Security Advisory

References 

• Jenkins Security Advisories. (July 9th, 2025). Retrieved from Jenkins. https://www.jenkins.io/security/advisories/
• Jenkins Security Advisory. (July 9th, 2025). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/jenkins-security-advisory-av25-413