Search criteria
315 vulnerabilities found for youtrack by jetbrains
FKIE_CVE-2025-64773
Vulnerability from fkie_nvd - Published: 2025-11-11 16:15 - Updated: 2025-12-11 19:16
Severity ?
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit
References
| URL | Tags | ||
|---|---|---|---|
| cve@jetbrains.com | https://www.jetbrains.com/privacy-security/issues-fixed/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F181D469-08FC-4F78-BE17-4EAF661A8EA0",
"versionEndExcluding": "2025.3.104432",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit"
}
],
"id": "CVE-2025-64773",
"lastModified": "2025-12-11T19:16:00.367",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "cve@jetbrains.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-11T16:15:40.260",
"references": [
{
"source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"sourceIdentifier": "cve@jetbrains.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "cve@jetbrains.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-64689
Vulnerability from fkie_nvd - Published: 2025-11-10 14:15 - Updated: 2025-12-02 11:17
Severity ?
Summary
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers.
References
| URL | Tags |
|---|
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers."
}
],
"id": "CVE-2025-64689",
"lastModified": "2025-12-02T11:17:29.950",
"metrics": {},
"published": "2025-11-10T14:15:44.700",
"references": [],
"sourceIdentifier": "cve@jetbrains.com",
"vulnStatus": "Rejected"
}
FKIE_CVE-2025-64685
Vulnerability from fkie_nvd - Published: 2025-11-10 14:15 - Updated: 2025-11-21 16:03
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure
References
| URL | Tags | ||
|---|---|---|---|
| cve@jetbrains.com | https://www.jetbrains.com/privacy-security/issues-fixed/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F181D469-08FC-4F78-BE17-4EAF661A8EA0",
"versionEndExcluding": "2025.3.104432",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure"
},
{
"lang": "es",
"value": "En JetBrains YouTrack antes de 2025.3.104432, la falta de validaci\u00f3n de certificado TLS habilit\u00f3 la divulgaci\u00f3n de datos."
}
],
"id": "CVE-2025-64685",
"lastModified": "2025-11-21T16:03:45.410",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "cve@jetbrains.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-10T14:15:44.070",
"references": [
{
"source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"sourceIdentifier": "cve@jetbrains.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "cve@jetbrains.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-64690
Vulnerability from fkie_nvd - Published: 2025-11-10 14:15 - Updated: 2025-12-02 11:17
Severity ?
Summary
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers.
References
| URL | Tags |
|---|
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers."
}
],
"id": "CVE-2025-64690",
"lastModified": "2025-12-02T11:17:57.933",
"metrics": {},
"published": "2025-11-10T14:15:44.853",
"references": [],
"sourceIdentifier": "cve@jetbrains.com",
"vulnStatus": "Rejected"
}
FKIE_CVE-2025-64686
Vulnerability from fkie_nvd - Published: 2025-11-10 14:15 - Updated: 2025-12-02 11:15
Severity ?
Summary
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions.
References
| URL | Tags |
|---|
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions."
}
],
"id": "CVE-2025-64686",
"lastModified": "2025-12-02T11:15:51.980",
"metrics": {},
"published": "2025-11-10T14:15:44.223",
"references": [],
"sourceIdentifier": "cve@jetbrains.com",
"vulnStatus": "Rejected"
}
FKIE_CVE-2025-64688
Vulnerability from fkie_nvd - Published: 2025-11-10 14:15 - Updated: 2025-12-02 11:17
Severity ?
Summary
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers.
References
| URL | Tags |
|---|
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers."
}
],
"id": "CVE-2025-64688",
"lastModified": "2025-12-02T11:17:02.430",
"metrics": {},
"published": "2025-11-10T14:15:44.543",
"references": [],
"sourceIdentifier": "cve@jetbrains.com",
"vulnStatus": "Rejected"
}
FKIE_CVE-2025-64687
Vulnerability from fkie_nvd - Published: 2025-11-10 14:15 - Updated: 2025-12-02 11:16
Severity ?
Summary
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions.
References
| URL | Tags |
|---|
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions."
}
],
"id": "CVE-2025-64687",
"lastModified": "2025-12-02T11:16:29.343",
"metrics": {},
"published": "2025-11-10T14:15:44.373",
"references": [],
"sourceIdentifier": "cve@jetbrains.com",
"vulnStatus": "Rejected"
}
FKIE_CVE-2025-64684
Vulnerability from fkie_nvd - Published: 2025-11-10 14:15 - Updated: 2025-11-21 16:04
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form
References
| URL | Tags | ||
|---|---|---|---|
| cve@jetbrains.com | https://www.jetbrains.com/privacy-security/issues-fixed/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F181D469-08FC-4F78-BE17-4EAF661A8EA0",
"versionEndExcluding": "2025.3.104432",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form"
},
{
"lang": "es",
"value": "En JetBrains YouTrack antes de 2025.3.104432, la revelaci\u00f3n de informaci\u00f3n era posible a trav\u00e9s del formulario de comentarios."
}
],
"id": "CVE-2025-64684",
"lastModified": "2025-11-21T16:04:15.350",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cve@jetbrains.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-10T14:15:43.913",
"references": [
{
"source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"sourceIdentifier": "cve@jetbrains.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "cve@jetbrains.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-57731
Vulnerability from fkie_nvd - Published: 2025-08-20 10:15 - Updated: 2025-08-21 15:17
Severity ?
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content
References
| URL | Tags | ||
|---|---|---|---|
| cve@jetbrains.com | https://www.jetbrains.com/privacy-security/issues-fixed/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93144BEE-B20D-4698-80A9-2540C0C3FF75",
"versionEndExcluding": "2025.2.92387",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content"
},
{
"lang": "es",
"value": "En JetBrains YouTrack antes de 2025.2.92387, el XSS almacenado era posible a trav\u00e9s del contenido del diagrama Mermaid"
}
],
"id": "CVE-2025-57731",
"lastModified": "2025-08-21T15:17:15.467",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 5.8,
"source": "cve@jetbrains.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-08-20T10:15:30.983",
"references": [
{
"source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"sourceIdentifier": "cve@jetbrains.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cve@jetbrains.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-54527
Vulnerability from fkie_nvd - Published: 2025-07-28 17:15 - Updated: 2025-12-01 19:23
Severity ?
Summary
In JetBrains YouTrack before 2025.2.86935,
2025.2.87167,
2025.3.87341,
2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions
References
| URL | Tags | ||
|---|---|---|---|
| cve@jetbrains.com | https://www.jetbrains.com/privacy-security/issues-fixed/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "472AD8ED-D062-484B-8988-35543884668D",
"versionEndExcluding": "2025.2.86935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CBF6254-FE58-4863-9167-BEB1B3A03022",
"versionEndExcluding": "2025.2.87167",
"versionStartIncluding": "2025.2.87000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C365B4EA-3424-4BAA-A037-0872A5D3BAAE",
"versionEndExcluding": "2025.3.87341",
"versionStartIncluding": "2025.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains YouTrack before 2025.2.86935, \n2025.2.87167, \n2025.3.87341, \n2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions"
},
{
"lang": "es",
"value": "En JetBrains YouTrack antes de 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344, la configuraci\u00f3n incorrecta de iframe en el entorno de pruebas del widget permite que las ventanas emergentes eludan las restricciones de seguridad."
}
],
"id": "CVE-2025-54527",
"lastModified": "2025-12-01T19:23:32.123",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "cve@jetbrains.com",
"type": "Secondary"
}
]
},
"published": "2025-07-28T17:15:31.753",
"references": [
{
"source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"sourceIdentifier": "cve@jetbrains.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
],
"source": "cve@jetbrains.com",
"type": "Secondary"
}
]
}
CVE-2025-64773 (GCVE-0-2025-64773)
Vulnerability from nvd – Published: 2025-11-11 15:23 – Updated: 2025-12-11 19:00
VLAI?
Summary
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit
Severity ?
CWE
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T14:54:17.572310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T19:00:41.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "YouTrack",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.3.104432",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T15:23:19.653Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64773",
"datePublished": "2025-11-11T15:23:19.653Z",
"dateReserved": "2025-11-11T15:02:03.361Z",
"dateUpdated": "2025-12-11T19:00:41.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64690 (GCVE-0-2025-64690)
Vulnerability from nvd – Published: 2025-11-10 13:28 – Updated: 2025-12-02 10:26
VLAI?
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-12-02T10:26:37.525Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64690",
"datePublished": "2025-11-10T13:28:02.290Z",
"dateRejected": "2025-12-02T10:26:37.525Z",
"dateReserved": "2025-11-07T15:10:52.839Z",
"dateUpdated": "2025-12-02T10:26:37.525Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64689 (GCVE-0-2025-64689)
Vulnerability from nvd – Published: 2025-11-10 13:28 – Updated: 2025-12-02 10:26
VLAI?
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-12-02T10:26:13.807Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64689",
"datePublished": "2025-11-10T13:28:01.039Z",
"dateRejected": "2025-12-02T10:26:13.807Z",
"dateReserved": "2025-11-07T15:10:52.443Z",
"dateUpdated": "2025-12-02T10:26:13.807Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64688 (GCVE-0-2025-64688)
Vulnerability from nvd – Published: 2025-11-10 13:27 – Updated: 2025-12-02 10:25
VLAI?
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-12-02T10:25:48.630Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64688",
"datePublished": "2025-11-10T13:27:59.902Z",
"dateRejected": "2025-12-02T10:25:48.630Z",
"dateReserved": "2025-11-07T15:10:52.031Z",
"dateUpdated": "2025-12-02T10:25:48.630Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64687 (GCVE-0-2025-64687)
Vulnerability from nvd – Published: 2025-11-10 13:27 – Updated: 2025-12-02 10:24
VLAI?
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-12-02T10:24:56.254Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64687",
"datePublished": "2025-11-10T13:27:59.372Z",
"dateRejected": "2025-12-02T10:24:56.254Z",
"dateReserved": "2025-11-07T15:10:51.623Z",
"dateUpdated": "2025-12-02T10:24:56.254Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64685 (GCVE-0-2025-64685)
Vulnerability from nvd – Published: 2025-11-10 13:27 – Updated: 2025-11-11 04:55
VLAI?
Summary
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure
Severity ?
8.1 (High)
CWE
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T04:55:36.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "YouTrack",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.3.104432",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T13:27:58.093Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64685",
"datePublished": "2025-11-10T13:27:58.093Z",
"dateReserved": "2025-11-07T15:10:50.666Z",
"dateUpdated": "2025-11-11T04:55:36.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64686 (GCVE-0-2025-64686)
Vulnerability from nvd – Published: 2025-11-10 13:27 – Updated: 2025-12-02 10:23
VLAI?
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-12-02T10:23:35.440Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64686",
"datePublished": "2025-11-10T13:27:58.836Z",
"dateRejected": "2025-12-02T10:23:35.440Z",
"dateReserved": "2025-11-07T15:10:51.231Z",
"dateUpdated": "2025-12-02T10:23:35.440Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64684 (GCVE-0-2025-64684)
Vulnerability from nvd – Published: 2025-11-10 13:27 – Updated: 2025-11-10 14:50
VLAI?
Summary
In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form
Severity ?
4.5 (Medium)
CWE
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T14:50:18.554610Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T14:50:23.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "YouTrack",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.3.104432",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T13:27:57.428Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64684",
"datePublished": "2025-11-10T13:27:57.428Z",
"dateReserved": "2025-11-07T15:10:50.072Z",
"dateUpdated": "2025-11-10T14:50:23.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-57731 (GCVE-0-2025-57731)
Vulnerability from nvd – Published: 2025-08-20 09:13 – Updated: 2025-08-20 15:25
VLAI?
Summary
In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content
Severity ?
8.7 (High)
CWE
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T15:25:36.966962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:25:43.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "YouTrack",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.2.92387",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T09:13:59.700Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-57731",
"datePublished": "2025-08-20T09:13:59.700Z",
"dateReserved": "2025-08-18T16:11:20.831Z",
"dateUpdated": "2025-08-20T15:25:43.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54527 (GCVE-0-2025-54527)
Vulnerability from nvd – Published: 2025-07-28 16:20 – Updated: 2025-07-28 17:26
VLAI?
Summary
In JetBrains YouTrack before 2025.2.86935,
2025.2.87167,
2025.3.87341,
2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions
Severity ?
6.1 (Medium)
CWE
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T17:26:11.203576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T17:26:29.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "YouTrack",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.2.86935, \n2025.2.87167, \n2025.3.87341, \n2025.3.87344",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains YouTrack before 2025.2.86935, \n2025.2.87167, \n2025.3.87341, \n2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T16:20:38.600Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-54527",
"datePublished": "2025-07-28T16:20:38.600Z",
"dateReserved": "2025-07-24T11:12:07.461Z",
"dateUpdated": "2025-07-28T17:26:29.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-64773 (GCVE-0-2025-64773)
Vulnerability from cvelistv5 – Published: 2025-11-11 15:23 – Updated: 2025-12-11 19:00
VLAI?
Summary
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit
Severity ?
CWE
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T14:54:17.572310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T19:00:41.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "YouTrack",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.3.104432",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T15:23:19.653Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64773",
"datePublished": "2025-11-11T15:23:19.653Z",
"dateReserved": "2025-11-11T15:02:03.361Z",
"dateUpdated": "2025-12-11T19:00:41.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64690 (GCVE-0-2025-64690)
Vulnerability from cvelistv5 – Published: 2025-11-10 13:28 – Updated: 2025-12-02 10:26
VLAI?
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-12-02T10:26:37.525Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64690",
"datePublished": "2025-11-10T13:28:02.290Z",
"dateRejected": "2025-12-02T10:26:37.525Z",
"dateReserved": "2025-11-07T15:10:52.839Z",
"dateUpdated": "2025-12-02T10:26:37.525Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64689 (GCVE-0-2025-64689)
Vulnerability from cvelistv5 – Published: 2025-11-10 13:28 – Updated: 2025-12-02 10:26
VLAI?
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-12-02T10:26:13.807Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64689",
"datePublished": "2025-11-10T13:28:01.039Z",
"dateRejected": "2025-12-02T10:26:13.807Z",
"dateReserved": "2025-11-07T15:10:52.443Z",
"dateUpdated": "2025-12-02T10:26:13.807Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64688 (GCVE-0-2025-64688)
Vulnerability from cvelistv5 – Published: 2025-11-10 13:27 – Updated: 2025-12-02 10:25
VLAI?
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-12-02T10:25:48.630Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it relates to internal functionality that is not available to customers."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64688",
"datePublished": "2025-11-10T13:27:59.902Z",
"dateRejected": "2025-12-02T10:25:48.630Z",
"dateReserved": "2025-11-07T15:10:52.031Z",
"dateUpdated": "2025-12-02T10:25:48.630Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64687 (GCVE-0-2025-64687)
Vulnerability from cvelistv5 – Published: 2025-11-10 13:27 – Updated: 2025-12-02 10:24
VLAI?
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-12-02T10:24:56.254Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64687",
"datePublished": "2025-11-10T13:27:59.372Z",
"dateRejected": "2025-12-02T10:24:56.254Z",
"dateReserved": "2025-11-07T15:10:51.623Z",
"dateUpdated": "2025-12-02T10:24:56.254Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64685 (GCVE-0-2025-64685)
Vulnerability from cvelistv5 – Published: 2025-11-10 13:27 – Updated: 2025-11-11 04:55
VLAI?
Summary
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure
Severity ?
8.1 (High)
CWE
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T04:55:36.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "YouTrack",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.3.104432",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T13:27:58.093Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64685",
"datePublished": "2025-11-10T13:27:58.093Z",
"dateReserved": "2025-11-07T15:10:50.666Z",
"dateUpdated": "2025-11-11T04:55:36.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64686 (GCVE-0-2025-64686)
Vulnerability from cvelistv5 – Published: 2025-11-10 13:27 – Updated: 2025-12-02 10:23
VLAI?
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-12-02T10:23:35.440Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions."
}
],
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was fixed before public disclosure and did not affect any released versions."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64686",
"datePublished": "2025-11-10T13:27:58.836Z",
"dateRejected": "2025-12-02T10:23:35.440Z",
"dateReserved": "2025-11-07T15:10:51.231Z",
"dateUpdated": "2025-12-02T10:23:35.440Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64684 (GCVE-0-2025-64684)
Vulnerability from cvelistv5 – Published: 2025-11-10 13:27 – Updated: 2025-11-10 14:50
VLAI?
Summary
In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form
Severity ?
4.5 (Medium)
CWE
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T14:50:18.554610Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T14:50:23.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "YouTrack",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.3.104432",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T13:27:57.428Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-64684",
"datePublished": "2025-11-10T13:27:57.428Z",
"dateReserved": "2025-11-07T15:10:50.072Z",
"dateUpdated": "2025-11-10T14:50:23.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-57731 (GCVE-0-2025-57731)
Vulnerability from cvelistv5 – Published: 2025-08-20 09:13 – Updated: 2025-08-20 15:25
VLAI?
Summary
In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content
Severity ?
8.7 (High)
CWE
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T15:25:36.966962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:25:43.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "YouTrack",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.2.92387",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T09:13:59.700Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-57731",
"datePublished": "2025-08-20T09:13:59.700Z",
"dateReserved": "2025-08-18T16:11:20.831Z",
"dateUpdated": "2025-08-20T15:25:43.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54527 (GCVE-0-2025-54527)
Vulnerability from cvelistv5 – Published: 2025-07-28 16:20 – Updated: 2025-07-28 17:26
VLAI?
Summary
In JetBrains YouTrack before 2025.2.86935,
2025.2.87167,
2025.3.87341,
2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions
Severity ?
6.1 (Medium)
CWE
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T17:26:11.203576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T17:26:29.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "YouTrack",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.2.86935, \n2025.2.87167, \n2025.3.87341, \n2025.3.87344",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains YouTrack before 2025.2.86935, \n2025.2.87167, \n2025.3.87341, \n2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T16:20:38.600Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-54527",
"datePublished": "2025-07-28T16:20:38.600Z",
"dateReserved": "2025-07-24T11:12:07.461Z",
"dateUpdated": "2025-07-28T17:26:29.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}