CVE-2025-43014: In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation
6.1
CVSS
Description
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation
Classification
CVE ID: CVE-2025-43014
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Problem Types
CWE-304Affected Products
Vendor: JetBrains
Product: Toolbox App
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.0% (probability of being exploited)
EPSS Percentile: 0.05% (scored less or equal to compared to others)
EPSS Date: 2025-04-18 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-43014https://www.jetbrains.com/privacy-security/issues-fixed/