CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-24458: In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration

7.1 CVSS

Description

In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration

Classification

CVE ID: CVE-2025-24458

CVSS Base Severity: HIGH

CVSS Base Score: 7.1

Affected Products

Vendor: JetBrains

Product: YouTrack

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 24.59% (scored less or equal to compared to others)

EPSS Date: 2025-02-19 (when was this score calculated)

References

https://www.jetbrains.com/privacy-security/issues-fixed/

Timeline