CVE-2025-54535
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-28
Last updated on: 2025-07-29
Assigner: JetBrains s.r.o.
Description
Description
In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jetbrains | teamcity | to 2025.07 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-328 | The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in JetBrains TeamCity versions before 2025.07 involves the use of weak hashing algorithms for password reset and email verification tokens, which could make these tokens easier to compromise.
How can this vulnerability impact me? :
The use of weak hashing algorithms for password reset and email verification tokens could allow attackers to more easily guess or forge these tokens, potentially leading to unauthorized account access or manipulation of user verification processes.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70