CVE-2025-54538
BaseFortify
Publication date: 2025-07-28
Last updated on: 2025-07-29
Assigner: JetBrains s.r.o.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jetbrains | teamcity | to 2025.07 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in JetBrains TeamCity versions before 2025.07 allows passwords to be exposed via the command line when using the "hg pull" command. This means that sensitive password information could be visible or accessible through command line arguments during this operation.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of passwords, potentially allowing attackers or unauthorized users with access to command line history or process information to obtain sensitive credentials. This could compromise the security of the affected system or services.