CVE-2025-23215
unknown
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
โ
Description
PMD Designer's release key passphrase (GPG) available on Maven Central in cleartext
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | net.sourceforge.pmd:pmd-designer | >=7.0.0,<7.10.0 | 7.10.0 |
| Maven | net.sourceforge.pmd:pmd-ui | >=6.14.0,<=6.19.0 | |
| Maven | net.sourceforge.pmd:pmd-core | >=6.21.0,<7.10.0 | 7.10.0 |
References
- https://github.com/pmd/pmd/security/advisories/GHSA-88m4-h43f-wx84
- https://nvd.nist.gov/vuln/detail/CVE-2025-23215
- https://github.com/pmd/pmd-designer/commit/1548f5f27ba2981b890827fecbd0612fa70a0362
- https://github.com/pmd/pmd-designer/commit/e87a45312753ec46b3e5576c6f6ac1f7de2f5891
- https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/net/sourceforge/pmd/pmd-designer/README.md
- https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/net/sourceforge/pmd/pmd-designer/pmd-designer-7.0.0.diffoscope
- https://github.com/jvm-repo-rebuild/reproducible-central?tab=readme-ov-file#reproducible-builds-for-maven-central-repository
- https://github.com/pmd/pmd
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.