Improper Path Validation in JetBrains TeamCity
CVE-2025-46433

9.8CRITICAL

Key Information:

Vendor: Jetbrains
Status: Teamcity
Vendor: CVE Published:; 25 April 2025

What is CVE-2025-46433?

JetBrains TeamCity versions prior to 2025.03.1 are susceptible to an improper path validation vulnerability in the loggingPreset parameter. This flaw could potentially allow attackers to manipulate log files or gain unauthorized access to sensitive information, posing a significant security risk for users of the software.

Affected Version(s)

TeamCity 0 < 2025.03.1

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2025
Vulnerability Reserved
Apr 24, 2025

Jetbrains

What is CVE-2025-46433?

Affected Version(s)

References

CVSS V3.1

Timeline