CVE-2025-67739
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-11
Last updated on: 2025-12-11
Assigner: JetBrains s.r.o.
Description
Description
In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jetbrains | teamcity | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-939 | The product uses a handler for a custom URL scheme, but it does not properly restrict which actors can invoke the handler using the scheme. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in JetBrains TeamCity versions before 2025.11.2 involves improper validation of repository URLs, which could allow an attacker to disclose local file system paths.
How can this vulnerability impact me? :
The vulnerability could lead to the disclosure of local paths on the server running JetBrains TeamCity, potentially exposing sensitive directory structure information to an attacker. This information could be used to facilitate further attacks.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70