Improper Access Control in JetBrains TeamCity Exposes Sensitive GitHub App Token Metadata
CVE-2025-67740

2.7 LOW

Key Information:

Vendor: JetBrains

Status
Vendor
CVE Published: 11 December 2025

What is CVE-2025-67740?

In JetBrains TeamCity versions prior to 2025.11, improper access control mechanisms may allow unauthorized users to access sensitive metadata associated with GitHub App tokens, potentially leading to unauthorized operations and exposure of sensitive information. This vulnerability underscores the importance of ensuring robust access control measures to protect sensitive resources against unauthorized access.

Affected Version(s)

TeamCity 0 < 2025.11

CVSS V3.1

Score: 2.7
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
