API Permission Flaw in JetBrains YouTrack Allows Unauthorized Issue Deletion
CVE-2025-48391

7.7 HIGH

Key Information:

Vendor: JetBrains

Status
Vendor
CVE Published: 20 May 2025

What is CVE-2025-48391?

JetBrains YouTrack before version 2025.1.76253 allows unauthorized deletion of issues because permission checks are missing in the API. A user can therefore manipulate issue management without appropriate authorization, potentially compromising sensitive project data. Organizations using this product are urged to review their security practices and apply the necessary updates to guard against exploitation.

Affected Version(s)

YouTrack: 0 < 2025.1.76253 (all versions before 2025.1.76253)

CVSS V3.1

Score: 7.7
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
