cvelistv5 - cve-2025-24461

CVE-2025-24461 (GCVE-0-2025-24461)

Vulnerability from cvelistv5 – Published: 2025-01-21 17:23 – Updated: 2025-01-21 18:41

Summary

In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-862

Assigner

JetBrains

References

URL

Tags

https://www.jetbrains.com/privacy-security/issues…

Impacted products

	Vendor	Product	Version
	JetBrains	TeamCity	Affected: 0 , < 2024.12.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24461",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-21T18:35:26.241109Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-21T18:41:29.249Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "TeamCity",
          "vendor": "JetBrains",
          "versions": [
            {
              "lessThan": "2024.12.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-21T17:23:20.740Z",
        "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "shortName": "JetBrains"
      },
      "references": [
        {
          "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
    "assignerShortName": "JetBrains",
    "cveId": "CVE-2025-24461",
    "datePublished": "2025-01-21T17:23:20.740Z",
    "dateReserved": "2025-01-21T17:22:33.069Z",
    "dateUpdated": "2025-01-21T18:41:29.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-24461\",\"sourceIdentifier\":\"cve@jetbrains.com\",\"published\":\"2025-01-21T18:15:19.260\",\"lastModified\":\"2025-01-30T21:26:17.583\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint\"},{\"lang\":\"es\",\"value\":\"En JetBrains TeamCity antes de 2024.12.1 era posible descifrar secretos de conexi\u00f3n sin los permisos adecuados a trav\u00e9s de Conexi\u00f3n de prueba endpoint\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@jetbrains.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cve@jetbrains.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jetbrains:teamcity:2024.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0E73863-CD45-441D-8935-DEEBF201E302\"}]}]}],\"references\":[{\"url\":\"https://www.jetbrains.com/privacy-security/issues-fixed/\",\"source\":\"cve@jetbrains.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-24461\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-21T18:35:26.241109Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-21T18:35:27.724Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"JetBrains\", \"product\": \"TeamCity\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2024.12.1\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.jetbrains.com/privacy-security/issues-fixed/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862\"}]}], \"providerMetadata\": {\"orgId\": \"547ada31-17d8-4964-bc5f-1b8238ba8014\", \"shortName\": \"JetBrains\", \"dateUpdated\": \"2025-01-21T17:23:20.740Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-24461\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-21T18:41:29.249Z\", \"dateReserved\": \"2025-01-21T17:22:33.069Z\", \"assignerOrgId\": \"547ada31-17d8-4964-bc5f-1b8238ba8014\", \"datePublished\": \"2025-01-21T17:23:20.740Z\", \"assignerShortName\": \"JetBrains\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-H9XV-3V8Q-FRMV

Vulnerability from github – Published: 2025-01-21 18:31 – Updated: 2025-01-21 18:31

Details

In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-24461"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-21T18:15:19Z",
    "severity": "MODERATE"
  },
  "details": "In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint",
  "id": "GHSA-h9xv-3v8q-frmv",
  "modified": "2025-01-21T18:31:08Z",
  "published": "2025-01-21T18:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24461"
    },
    {
      "type": "WEB",
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2025-24461

Vulnerability from fkie_nvd - Published: 2025-01-21 18:15 - Updated: 2025-01-30 21:26

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint

References

	URL	Tags
	cve@jetbrains.com	https://www.jetbrains.com/privacy-security/issues-fixed/	Vendor Advisory

Impacted products

	Vendor	Product	Version
	jetbrains	teamcity	2024.12.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jetbrains:teamcity:2024.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E73863-CD45-441D-8935-DEEBF201E302",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint"
    },
    {
      "lang": "es",
      "value": "En JetBrains TeamCity antes de 2024.12.1 era posible descifrar secretos de conexi\u00f3n sin los permisos adecuados a trav\u00e9s de Conexi\u00f3n de prueba endpoint"
    }
  ],
  "id": "CVE-2025-24461",
  "lastModified": "2025-01-30T21:26:17.583",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "cve@jetbrains.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-01-21T18:15:19.260",
  "references": [
    {
      "source": "cve@jetbrains.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
    }
  ],
  "sourceIdentifier": "cve@jetbrains.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "cve@jetbrains.com",
      "type": "Secondary"
    }
  ]
}

WID-SEC-W-2025-0159

Vulnerability from csaf_certbund - Published: 2025-01-21 23:00 - Updated: 2025-01-21 23:00

Summary

JetBrains TeamCity: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

TeamCity ist ein Continuous Integration und Deployment Tool für Entwickler und DevOps Ingenieure.

Angriff

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in JetBrains TeamCity ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, Informationen auszuspähen oder Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme

- Linux - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "TeamCity ist ein Continuous Integration und Deployment Tool f\u00fcr Entwickler und DevOps Ingenieure.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in JetBrains TeamCity ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren, Informationen auszusp\u00e4hen oder Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0159 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0159.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0159 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0159"
      },
      {
        "category": "external",
        "summary": "JetBrains Fixed security issues vom 2025-01-21",
        "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2025-01-21",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24459"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2025-01-21",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24460"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2025-01-21",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24461"
      }
    ],
    "source_lang": "en-US",
    "title": "JetBrains TeamCity: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-01-21T23:00:00.000+00:00",
      "generator": {
        "date": "2025-01-22T12:43:49.890+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2025-0159",
      "initial_release_date": "2025-01-21T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-01-21T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2024.12.1",
                "product": {
                  "name": "JetBrains TeamCity \u003c2024.12.1",
                  "product_id": "T040535"
                }
              },
              {
                "category": "product_version",
                "name": "2024.12.1",
                "product": {
                  "name": "JetBrains TeamCity 2024.12.1",
                  "product_id": "T040535-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:jetbrains:teamcity:2024.12.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "TeamCity"
          }
        ],
        "category": "vendor",
        "name": "JetBrains"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-24459",
      "notes": [
        {
          "category": "description",
          "text": "In JetBrains TeamCity existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040535"
        ]
      },
      "release_date": "2025-01-21T23:00:00.000+00:00",
      "title": "CVE-2025-24459"
    },
    {
      "cve": "CVE-2025-24460",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in JetBrains TeamCity. Sie f\u00fchrt dazu, dass Zugriffe nicht korrekt kontrolliert und authentifiziert werden. Ein entfernter, authentisierter Angreifer kann somit Projekt-Daten auslesen ."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040535"
        ]
      },
      "release_date": "2025-01-21T23:00:00.000+00:00",
      "title": "CVE-2025-24460"
    },
    {
      "cve": "CVE-2025-24461",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in JetBrains TeamCity. Sie besteht in unzureichenden Zugriffskontrollen bei der Entschl\u00fcsselung von Secrets. Ein entfernter, authentisierter Angreifer kann diese Secrets entschl\u00fcsseln, ohne \u00fcber die erforderlichen Berechtigungen zu verf\u00fcgen, indem er den Endpunkt \"Test Connection\" ausnutzt."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040535"
        ]
      },
      "release_date": "2025-01-21T23:00:00.000+00:00",
      "title": "CVE-2025-24461"
    }
  ]
}

CNVD-2025-13795

Vulnerability from cnvd - Published: 2025-06-26

Title

JetBrains TeamCity权限问题漏洞

Description

JetBrains TeamCity 是由JetBrains开发的一款强大的持续集成和持续交付（CI/CD）工具。 JetBrains TeamCity存在权限问题漏洞，该漏洞源于通过测试连接端点，解密没有适当权限的连接机密。目前没有详细的漏洞细节提供。

Severity

中

Patch Name

JetBrains TeamCity权限问题漏洞的补丁

Patch Description

JetBrains TeamCity 是由JetBrains开发的一款强大的持续集成和持续交付（CI/CD）工具。 JetBrains TeamCity存在权限问题漏洞，该漏洞源于通过测试连接端点，解密没有适当权限的连接机密。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级程序修复该安全问题，详情见厂商官网： https://www.jetbrains.com/privacy-security/issues-fixed/

Reference

https://www.jetbrains.com/privacy-security/issues-fixed/https://nvd.nist.gov/vuln/detail/CVE-2025-24461

Impacted products

Name
JetBrains JetBrains TeamCity <2024.12.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-24461",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-24461"
    }
  },
  "description": "JetBrains TeamCity \u662f\u7531JetBrains\u5f00\u53d1\u7684\u4e00\u6b3e\u5f3a\u5927\u7684\u6301\u7eed\u96c6\u6210\u548c\u6301\u7eed\u4ea4\u4ed8\uff08CI/CD\uff09\u5de5\u5177\u3002\n\nJetBrains TeamCity\u5b58\u5728\u6743\u9650\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u901a\u8fc7\u6d4b\u8bd5\u8fde\u63a5\u7aef\u70b9\uff0c\u89e3\u5bc6\u6ca1\u6709\u9002\u5f53\u6743\u9650\u7684\u8fde\u63a5\u673a\u5bc6\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://www.jetbrains.com/privacy-security/issues-fixed/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-13795",
  "openTime": "2025-06-26",
  "patchDescription": "JetBrains TeamCity \u662f\u7531JetBrains\u5f00\u53d1\u7684\u4e00\u6b3e\u5f3a\u5927\u7684\u6301\u7eed\u96c6\u6210\u548c\u6301\u7eed\u4ea4\u4ed8\uff08CI/CD\uff09\u5de5\u5177\u3002\r\n\r\nJetBrains TeamCity\u5b58\u5728\u6743\u9650\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u901a\u8fc7\u6d4b\u8bd5\u8fde\u63a5\u7aef\u70b9\uff0c\u89e3\u5bc6\u6ca1\u6709\u9002\u5f53\u6743\u9650\u7684\u8fde\u63a5\u673a\u5bc6\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "JetBrains TeamCity\u6743\u9650\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "JetBrains JetBrains TeamCity \u003c2024.12.1"
  },
  "referenceLink": "https://www.jetbrains.com/privacy-security/issues-fixed/https://nvd.nist.gov/vuln/detail/CVE-2025-24461",
  "serverity": "\u4e2d",
  "submitTime": "2025-02-18",
  "title": "JetBrains TeamCity\u6743\u9650\u95ee\u9898\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-24461 (GCVE-0-2025-24461)

GHSA-H9XV-3V8Q-FRMV

FKIE_CVE-2025-24461

WID-SEC-W-2025-0159

CNVD-2025-13795

Tags

Sightings

Nomenclature