Insecure Configuration in JetBrains YouTrack Leads to Data Exposure and Unauthorized Changes
CVE-2025-64690

5.4MEDIUM

Key Information:

Vendor: Jetbrains
Status: Youtrack
Vendor: CVE Published:; 10 November 2025

What is CVE-2025-64690?

JetBrains YouTrack versions prior to 2025.3.104432 are susceptible to an insecure configuration issue that may allow attackers to expose sensitive data and make unauthorized changes within the application. This vulnerability emphasizes the importance of secure setup practices to prevent potential exploitation.

Affected Version(s)

YouTrack 0 < 2025.3.104432

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 10, 2025
Vulnerability Reserved
Nov 7, 2025

JSON

Jetbrains

What is CVE-2025-64690?

Affected Version(s)

References

CVSS V3.1

Timeline