Improper Path Validation in JetBrains TeamCity
CVE-2025-46433

4.9MEDIUM

Key Information:

Vendor: Jetbrains
Status: Teamcity
Vendor: CVE Published:; 25 April 2025

Summary

JetBrains TeamCity versions prior to 2025.03.1 are susceptible to an improper path validation vulnerability in the loggingPreset parameter. This flaw could potentially allow attackers to manipulate log files or gain unauthorized access to sensitive information, posing a significant security risk for users of the software.

Affected Version(s)

TeamCity 0 < 2025.03.1

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 25, 2025
Vulnerability Reserved
Apr 24, 2025