CVE-2025-54876 is a medium-severity vulnerability affecting the Janssen Project's open-source identity and access management (IAM) platform, specifically versions 1.9.0 and below. The vulnerability is categorized under CWE-522, which refers to insufficiently protected credentials. The core issue is that Janssen stores user passwords in plaintext within a local log file named cli_cmd.log. This practice exposes sensitive credential information to anyone with access to the file system where the logs reside. Since the vulnerability does not require any authentication or user interaction and can be exploited remotely (CVSS vector AV:N/AC:L/AT:N/UI:N/PR:N), an attacker who gains access to the system or its logs can retrieve plaintext passwords, potentially leading to unauthorized access to the IAM platform and any connected systems. The vulnerability affects confidentiality severely, as passwords are directly exposed, but does not impact integrity or availability. The issue has been addressed in the nightly prerelease builds, but no official patch or update has been formally released yet. There are no known exploits in the wild at this time. The vulnerability scoring (CVSS 6.9) reflects a medium severity, primarily due to the ease of exploitation and the sensitive nature of the data exposed, balanced against the requirement for access to the local log files.

For European organizations using the Janssen IAM platform, this vulnerability poses a significant risk to credential confidentiality. IAM systems are critical for managing user identities and access controls across enterprise environments. Exposure of plaintext passwords could lead to unauthorized access to sensitive systems, data breaches, and lateral movement within networks. This is particularly concerning for sectors with strict data protection regulations such as finance, healthcare, and government institutions in Europe. The breach of credentials could also undermine compliance with GDPR requirements around data security and breach notification. Additionally, since the vulnerability allows an attacker to obtain credentials without authentication or user interaction, any compromise of the underlying system or improper access controls on log files could be exploited. This could result in escalated privileges, data exfiltration, or disruption of identity services, impacting business continuity and trust.

European organizations should immediately audit their deployments of the Janssen IAM platform to identify if they are running versions 1.9.0 or below. Until an official patch is released, organizations should implement strict access controls on the cli_cmd.log file to restrict read permissions only to trusted administrators. Monitoring and alerting on access to this log file should be established to detect any unauthorized attempts. Organizations should also consider disabling or redirecting logging of sensitive commands or credentials if configurable. Upgrading to the latest nightly prerelease that addresses this issue is recommended for testing purposes, with plans to adopt the official patched release once available. Additionally, organizations should enforce strong password policies and consider multi-factor authentication to reduce the impact of credential exposure. Regularly reviewing and rotating credentials stored or used by the Janssen platform can limit the window of exposure. Finally, conducting internal security assessments and penetration tests focusing on log file security and IAM configurations will help identify and remediate related risks.