Search criteria
6 vulnerabilities found for dotTrace by JetBrains
FKIE_CVE-2025-64457
Vulnerability from fkie_nvd - Published: 2025-11-10 14:15 - Updated: 2026-01-12 21:56
Severity ?
4.2 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition
References
| URL | Tags | ||
|---|---|---|---|
| cve@jetbrains.com | https://www.jetbrains.com/privacy-security/issues-fixed/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jetbrains:dottrace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F208B85F-30AA-4FF1-A367-A1A0DFA21A8E",
"versionEndExcluding": "2025.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:resharper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EEF02A0-FAAF-4CDD-9121-B488E694F8BB",
"versionEndExcluding": "2025.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F59B33-857A-4EB2-B3F9-73B8C8903AA8",
"versionEndExcluding": "2025.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition"
}
],
"id": "CVE-2025-64457",
"lastModified": "2026-01-12T21:56:33.950",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 2.7,
"source": "cve@jetbrains.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-10T14:15:43.280",
"references": [
{
"source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"sourceIdentifier": "cve@jetbrains.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "cve@jetbrains.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-23385
Vulnerability from fkie_nvd - Published: 2025-01-28 16:15 - Updated: 2026-01-12 18:53
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible
References
| URL | Tags | ||
|---|---|---|---|
| cve@jetbrains.com | https://www.jetbrains.com/privacy-security/issues-fixed/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jetbrains:dottrace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1E83F7-8826-4C16-AC4E-0EA394EBF660",
"versionEndExcluding": "2024.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:dottrace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63C92B5D-1EFC-4A0B-950D-D8929640B91E",
"versionEndExcluding": "2024.2.8",
"versionStartIncluding": "2024.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:dottrace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DFCF86D-C418-439A-8AD0-4A401148D6B0",
"versionEndExcluding": "2024.3.4",
"versionStartIncluding": "2024.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:etw_host_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F895DD80-363B-442D-87E3-24994B02DAC3",
"versionEndExcluding": "16.43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:resharper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3065499-46FE-48DE-A334-E5ED8A85072E",
"versionEndExcluding": "2024.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:resharper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "812D1640-EFD2-4030-B6AE-9AA0923CFB65",
"versionEndExcluding": "2024.2.8",
"versionStartIncluding": "2024.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:resharper:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9349926-4C6C-4259-835D-09609269CEEA",
"versionEndExcluding": "2024.3.4",
"versionStartIncluding": "2024.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25FBD05C-2DED-47BB-9AD9-2CB8E4B73ACA",
"versionEndExcluding": "2024.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9BFA83D-5863-4722-A7B3-27BAC16F1257",
"versionEndExcluding": "2024.2.8",
"versionStartIncluding": "2024.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7A326F4-4B47-4D70-986F-0CF33FBE06B3",
"versionEndExcluding": "2024.3.4",
"versionStartIncluding": "2024.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible"
},
{
"lang": "es",
"value": "En JetBrains ReSharper antes de 2024.3.4, 2024.2.8 y 2024.1.7, Rider antes de 2024.3.4, 2024.2.8 y 2024.1.7, dotTrace antes de 2024.3.4, 2024.2.8 y 2024.1.7, ETW Host Service antes de 16.43, era posible la escalada de privilegios locales a trav\u00e9s del servicio de host ETW."
}
],
"id": "CVE-2025-23385",
"lastModified": "2026-01-12T18:53:54.620",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0,
"source": "cve@jetbrains.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-28T16:15:41.377",
"references": [
{
"source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"sourceIdentifier": "cve@jetbrains.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-114"
}
],
"source": "cve@jetbrains.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-64457 (GCVE-0-2025-64457)
Vulnerability from nvd – Published: 2025-11-10 13:28 – Updated: 2025-12-19 10:10
VLAI?
Summary
In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition
Severity ?
4.2 (Medium)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | ReSharper, Rider and dotTrace |
Affected:
0 , < 2025.2.5
(semver)
|
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ReSharper, Rider and dotTrace",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.2.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition\u003cbr\u003e"
}
],
"value": "In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T10:10:13.721Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64457",
"datePublished": "2025-11-10T13:28:23.970Z",
"dateReserved": "2025-11-04T14:34:02.045Z",
"dateUpdated": "2025-12-19T10:10:13.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-23385 (GCVE-0-2025-23385)
Vulnerability from nvd – Published: 2025-01-28 16:01 – Updated: 2025-01-28 16:26
VLAI?
Summary
In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible
Severity ?
7.8 (High)
CWE
- CWE-114 - Process Control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| JetBrains | ReSharper |
Affected:
2024.3 , < 2024.3.4
(semver)
Affected: 2024.2 , < 2024.2.8 (semver) Affected: 0 , < 2024.1.7 (semver) |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T16:25:22.095430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T16:26:10.127Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ReSharper",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.3.4",
"status": "affected",
"version": "2024.3",
"versionType": "semver"
},
{
"lessThan": "2024.2.8",
"status": "affected",
"version": "2024.2",
"versionType": "semver"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Rider",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.3.4",
"status": "affected",
"version": "2024.3",
"versionType": "semver"
},
{
"lessThan": "2024.2.8",
"status": "affected",
"version": "2024.2",
"versionType": "semver"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "dotTrace",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.3.4",
"status": "affected",
"version": "2024.3",
"versionType": "semver"
},
{
"lessThan": "2024.2.8",
"status": "affected",
"version": "2024.2",
"versionType": "semver"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ETW Host Service",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "16.43",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-114",
"description": "CWE-114: Process Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T16:01:55.084Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-23385",
"datePublished": "2025-01-28T16:01:55.084Z",
"dateReserved": "2025-01-15T11:51:10.292Z",
"dateUpdated": "2025-01-28T16:26:10.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-64457 (GCVE-0-2025-64457)
Vulnerability from cvelistv5 – Published: 2025-11-10 13:28 – Updated: 2025-12-19 10:10
VLAI?
Summary
In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition
Severity ?
4.2 (Medium)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | ReSharper, Rider and dotTrace |
Affected:
0 , < 2025.2.5
(semver)
|
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ReSharper, Rider and dotTrace",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.2.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition\u003cbr\u003e"
}
],
"value": "In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T10:10:13.721Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64457",
"datePublished": "2025-11-10T13:28:23.970Z",
"dateReserved": "2025-11-04T14:34:02.045Z",
"dateUpdated": "2025-12-19T10:10:13.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-23385 (GCVE-0-2025-23385)
Vulnerability from cvelistv5 – Published: 2025-01-28 16:01 – Updated: 2025-01-28 16:26
VLAI?
Summary
In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible
Severity ?
7.8 (High)
CWE
- CWE-114 - Process Control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| JetBrains | ReSharper |
Affected:
2024.3 , < 2024.3.4
(semver)
Affected: 2024.2 , < 2024.2.8 (semver) Affected: 0 , < 2024.1.7 (semver) |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T16:25:22.095430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T16:26:10.127Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ReSharper",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.3.4",
"status": "affected",
"version": "2024.3",
"versionType": "semver"
},
{
"lessThan": "2024.2.8",
"status": "affected",
"version": "2024.2",
"versionType": "semver"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Rider",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.3.4",
"status": "affected",
"version": "2024.3",
"versionType": "semver"
},
{
"lessThan": "2024.2.8",
"status": "affected",
"version": "2024.2",
"versionType": "semver"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "dotTrace",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.3.4",
"status": "affected",
"version": "2024.3",
"versionType": "semver"
},
{
"lessThan": "2024.2.8",
"status": "affected",
"version": "2024.2",
"versionType": "semver"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ETW Host Service",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "16.43",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-114",
"description": "CWE-114: Process Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T16:01:55.084Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-23385",
"datePublished": "2025-01-28T16:01:55.084Z",
"dateReserved": "2025-01-15T11:51:10.292Z",
"dateUpdated": "2025-01-28T16:26:10.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}