CVE-2025-54876 is a medium-severity vulnerability affecting the Janssen Project's open-source identity and access management (IAM) platform, specifically versions 1.9.0 and below. The vulnerability arises from insufficient protection of credentials, classified under CWE-522. In these affected versions, passwords are stored in plaintext within the local cli_cmd.log file. This logging practice exposes sensitive credential information to anyone with access to the log files, thereby compromising confidentiality. The vulnerability does not require authentication or user interaction to be exploited, and it can be triggered remotely since the CVSS vector indicates network attack vector (AV:N) and no privileges or user interaction needed (PR:N/UI:N). The CVSS 4.0 base score is 6.9, reflecting a medium severity level primarily due to the ease of exploitation and the direct exposure of plaintext passwords. The issue has been fixed in the nightly prerelease versions, which presumably implement secure credential handling and avoid logging plaintext passwords. No known exploits are currently reported in the wild, but the vulnerability presents a significant risk if attackers gain access to the log files, potentially leading to unauthorized access to the IAM system or downstream services relying on it. The vulnerability affects the confidentiality of credentials but does not directly impact integrity or availability. The scope is limited to systems running vulnerable versions of Janssen IAM software that generate the affected log files.

For European organizations using the Janssen IAM platform, this vulnerability poses a substantial risk to the confidentiality of user credentials. IAM systems are critical for managing authentication and authorization across enterprise environments. Exposure of plaintext passwords in logs could allow attackers or malicious insiders to escalate privileges, impersonate users, or gain unauthorized access to sensitive systems and data. This could lead to data breaches, regulatory non-compliance (e.g., GDPR violations due to inadequate protection of personal data), and operational disruptions. The risk is heightened in environments where log files are not adequately protected or monitored, or where multiple administrators have access to system logs. Since Janssen is an open-source platform, organizations that have customized or self-hosted deployments may be unaware of this vulnerability if they have not updated to the fixed versions. The lack of known exploits in the wild reduces immediate risk but does not eliminate the potential for targeted attacks, especially in high-value environments such as financial institutions, government agencies, or critical infrastructure operators in Europe.

European organizations should immediately audit their use of the Janssen IAM platform to determine if they are running affected versions (1.9.0 and below). They should upgrade to the latest nightly prerelease or any stable release that includes the fix to prevent plaintext password logging. Until upgrades are applied, organizations should restrict access to cli_cmd.log and any other log files that may contain sensitive information, implementing strict file permissions and monitoring access logs for suspicious activity. Additionally, organizations should review their logging policies to ensure that sensitive data such as passwords are never logged in plaintext. Implementing centralized log management with encryption and access controls can further reduce risk. Regularly rotating credentials and enforcing strong password policies will limit the impact if credentials are exposed. Finally, organizations should conduct security awareness training for administrators to highlight the risks of credential exposure in logs and encourage prompt patching of IAM components.