CVE-2025-68162
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-18
Assigner: JetBrains s.r.o.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jetbrains | teamcity | to 2025.11 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-829 | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in JetBrains TeamCity before version 2025.11 involves the maven embedder allowing loading of extensions via project configuration. This means that malicious or unintended extensions could be loaded through the project setup, potentially altering the build process.
How can this vulnerability impact me? :
The vulnerability could allow an attacker with high privileges to load unauthorized extensions through project configuration, potentially leading to integrity issues in the build process. However, it does not impact confidentiality or availability.