VCS URL Validation Flaw in JetBrains YouTrack
CVE-2025-64688

7.4HIGH

Key Information:

Vendor: Jetbrains
Status: Youtrack
Vendor: CVE Published:; 10 November 2025

What is CVE-2025-64688?

A vulnerability in JetBrains YouTrack prior to version 2025.3.104432 allows for inadequate validation of Version Control System (VCS) URLs. This oversight can potentially enable unauthorized delegation to unverified repositories via the Junie widget, posing a security risk for users by opening pathways to untrusted code and data.

Affected Version(s)

YouTrack 0 < 2025.3.104432

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 10, 2025
Vulnerability Reserved
Nov 7, 2025

JSON

Jetbrains

What is CVE-2025-64688?

Affected Version(s)

References

CVSS V3.1

Timeline