Improper Kubernetes Connection Settings in JetBrains TeamCity
CVE-2025-26492

9.1CRITICAL

Key Information:

Vendor: Jetbrains
Status: Teamcity
Vendor: CVE Published:; 11 February 2025

What is CVE-2025-26492?

In JetBrains TeamCity prior to version 2024.12.2, improper Kubernetes connection settings can lead to the exposure of sensitive resources. This configuration flaw may allow unauthorized access to critical data, posing significant risks to the security and integrity of the affected systems. It is crucial for users to review and update their configurations to mitigate potential security threats.

Affected Version(s)

TeamCity 0 < 2024.12.2

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Feb 11, 2025

Jetbrains

What is CVE-2025-26492?

Affected Version(s)

References

CVSS V3.1

Timeline