Race Condition Vulnerability in JetBrains Hub Software
CVE-2025-64681

2.7LOW

Key Information:

Vendor: Jetbrains
Status: Hub
Vendor: CVE Published:; 10 November 2025

What is CVE-2025-64681?

A race condition vulnerability exists in JetBrains Hub prior to version 2025.3.104992, which may allow an attacker to bypass user limits through unauthorized invitations. This flaw can lead to unauthorized access and manipulation of user roles and permissions, impacting system integrity. Organizations using JetBrains Hub are advised to upgrade to the latest version to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Hub 0 < 2025.3.104992

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 10, 2025
Vulnerability Reserved
Nov 7, 2025

JSON

Jetbrains

What is CVE-2025-64681?

Affected Version(s)

References

CVSS V3.1

Timeline