Privilege Escalation in JetBrains Hub via LDAP Authentication
CVE-2025-24456

8.8HIGH

Key Information:

Vendor: Jetbrains
Status: Hub
Vendor: CVE Published:; 21 January 2025

What is CVE-2025-24456?

A vulnerability exists in JetBrains Hub prior to version 2024.3.55417 that allows an attacker to exploit LDAP authentication mapping for privilege escalation. This can enable unauthorized users to gain higher privileges than intended, potentially compromising sensitive data and security protocols within the system. Proper security measures and updates are essential to mitigate this risk and protect user data.

Affected Version(s)

Hub 0 < 2024.3.55417

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Jan 21, 2025

Jetbrains

What is CVE-2025-24456?

Affected Version(s)

References

CVSS V3.1

Timeline