HIGH✓ PATCH🇬🇧 English

CVE-2025-23385

CVSS 7.8v3.1pub. 2025-01-28upd. 2026-01-12

In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Jetbrains Dottrace

    APP
    Jetbrains
    < 2024.1.72024.2 – 2024.2.8 (bez)2024.3 – 2024.3.4 (bez)
  • Jetbrains Etw Host Service

    APP
    Jetbrains
    < 16.43
  • Jetbrains Resharper

    APP
    Jetbrains
    < 2024.1.72024.2 – 2024.2.8 (bez)2024.3 – 2024.3.4 (bez)
  • Jetbrains Rider

    APP
    Jetbrains
    < 2024.1.72024.2.0 – 2024.2.8 (bez)2024.3.0 – 2024.3.4 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2024-37051CRITICAL9.3PL ✓ten sam produkt

Wyciek tokenu GitHub do stron trzecich w JetBrains IDE

CVE-2025-64456HIGH8.4ten sam produkt

In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege ...

CVE-2020-7906HIGH7.5ten sam produkt

In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Wind...

CVE-2019-16407HIGH7.3ten sam produkt

JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.

CVE-2019-14960HIGH7.8ten sam produkt

JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file.

CVE-2025-23385 — HIGH 7.8 | CVEbaza.pl