Improper Kubernetes Connection Settings in JetBrains TeamCity
CVE-2025-26492

9.1CRITICAL

Key Information:

Vendor

Jetbrains
Status
Teamcity
Vendor
CVE Published:
11 February 2025

What is CVE-2025-26492?

In JetBrains TeamCity prior to version 2024.12.2, improper Kubernetes connection settings can lead to the exposure of sensitive resources. This configuration flaw may allow unauthorized access to critical data, posing significant risks to the security and integrity of the affected systems. It is crucial for users to review and update their configurations to mitigate potential security threats.

Affected Version(s)

TeamCity 0 < 2024.12.2

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-26492 : Improper Kubernetes Connection Settings in JetBrains TeamCity