Stored XSS Vulnerability in JetBrains YouTrack
CVE-2025-57731

8.7HIGH

Key Information:

Vendor: Jetbrains
Status: Youtrack
Vendor: CVE Published:; 20 August 2025

What is CVE-2025-57731?

JetBrains YouTrack versions prior to 2025.2.92387 are vulnerable to a stored Cross-Site Scripting (XSS) attack through content generated by Mermaid diagrams. This allows attackers to inject malicious scripts, potentially compromising the integrity and confidentiality of user data. It is crucial for users to update to the latest version to mitigate this security risk.

Affected Version(s)

YouTrack 0 < 2025.2.92387

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2025
Vulnerability Reserved
Aug 18, 2025

Jetbrains

What is CVE-2025-57731?

Affected Version(s)

References

CVSS V3.1

Timeline