Vulnerability in JetBrains IntelliJ IDEA Allows Unintended Plugin Startup
CVE-2025-57729

6.5MEDIUM

Key Information:

Vendor: Jetbrains
Status: Intellij Idea
Vendor: CVE Published:; 20 August 2025

What is CVE-2025-57729?

In JetBrains IntelliJ IDEA versions prior to 2025.2, a vulnerability was identified that allows for an unexpected startup of plugins through the automatic launching of the Language Server Protocol (LSP). This could potentially enable malicious actors to exploit the environment by executing unauthorized code, compromising user security and the integrity of the development environment.

Affected Version(s)

IntelliJ IDEA 0 < 2025.2

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2025
Vulnerability Reserved
Aug 18, 2025

Jetbrains

What is CVE-2025-57729?

Affected Version(s)

References

CVSS V3.1

Timeline