CVE-2025-57730
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-20
Last updated on: 2025-09-30
Assigner: JetBrains s.r.o.
Description
Description
In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jetbrains | intellij_idea | to 2025.2.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-80 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can lead to partial compromise of confidentiality and integrity, as indicated by the CVSS score. An attacker could inject malicious HTML that might manipulate or steal data within the affected application context.
Can you explain this vulnerability to me?
This vulnerability is an HTML injection issue in JetBrains IntelliJ IDEA versions before 2025.2. It occurs via the Remote Development feature, allowing an attacker to inject malicious HTML code.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70