Race Condition Vulnerability in JetBrains Hub Affects User Limit Enforcement
CVE-2025-64682

2.7LOW

Key Information:

Vendor: Jetbrains
Status: Hub
Vendor: CVE Published:; 10 November 2025

What is CVE-2025-64682?

In JetBrains Hub prior to version 2025.3.104432, a race condition vulnerability has been identified that permits the bypassing of agent-user limits. This flaw can potentially allow unauthorized access to functionality, compromising the intended restrictions set for user operations. Mitigation is essential to prevent exploitation of this vulnerability.

Affected Version(s)

Hub 0 < 2025.3.104432

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 10, 2025
Vulnerability Reserved
Nov 7, 2025

JSON

Jetbrains

What is CVE-2025-64682?

Affected Version(s)

References

CVSS V3.1

Timeline