CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
CVE-2025-48391: In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API
7.7
CVSS
Description
In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API
Classification
CVE ID: CVE-2025-48391
CVSS Base Severity: HIGH
CVSS Base Score: 7.7
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Problem Types
CWE-306Affected Products
Vendor: JetBrains
Product: YouTrack
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.0% (probability of being exploited)
EPSS Percentile: 0.02% (scored less or equal to compared to others)
EPSS Date: 2025-06-15 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: partial
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2025-48391https://www.jetbrains.com/privacy-security/issues-fixed/