Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for ReSharper by JetBrains

    CVE-2025-64457 (GCVE-0-2025-64457)

    Vulnerability from nvd – Published: 2025-11-10 13:28 – Updated: 2026-02-26 17:47
    VLAI
    Summary
    In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains ReSharper, Rider and dotTrace Affected: 0 , < 2025.2.5 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64457",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-11T04:55:35.360967Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:04.857Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ReSharper, Rider and dotTrace",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2025.2.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition\u003cbr\u003e"
                }
              ],
              "value": "In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-19T10:10:13.721Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2025-64457",
        "datePublished": "2025-11-10T13:28:23.970Z",
        "dateReserved": "2025-11-04T14:34:02.045Z",
        "dateUpdated": "2026-02-26T17:47:04.857Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64456 (GCVE-0-2025-64456)

    Vulnerability from nvd – Published: 2025-11-10 13:28 – Updated: 2026-02-26 17:47
    VLAI
    Summary
    In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains ReSharper Affected: 0 , < 2025.2.4 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64456",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-11T04:55:34.649352Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:05.432Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ReSharper",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2025.2.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-10T13:28:03.624Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2025-64456",
        "datePublished": "2025-11-10T13:28:03.624Z",
        "dateReserved": "2025-11-04T14:34:01.215Z",
        "dateUpdated": "2026-02-26T17:47:05.432Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-23385 (GCVE-0-2025-23385)

    Vulnerability from nvd – Published: 2025-01-28 16:01 – Updated: 2025-01-28 16:26
    VLAI
    Summary
    In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains ReSharper Affected: 2024.3 , < 2024.3.4 (semver)
    Affected: 2024.2 , < 2024.2.8 (semver)
    Affected: 0 , < 2024.1.7 (semver)
    Create a notification for this product.
    JetBrains Rider Affected: 2024.3 , < 2024.3.4 (semver)
    Affected: 2024.2 , < 2024.2.8 (semver)
    Affected: 0 , < 2024.1.7 (semver)
    Create a notification for this product.
    JetBrains dotTrace Affected: 2024.3 , < 2024.3.4 (semver)
    Affected: 2024.2 , < 2024.2.8 (semver)
    Affected: 0 , < 2024.1.7 (semver)
    Create a notification for this product.
    JetBrains ETW Host Service Affected: 0 , < 16.43 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23385",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T16:25:22.095430Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-28T16:26:10.127Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ReSharper",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2024.3.4",
                  "status": "affected",
                  "version": "2024.3",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2024.2.8",
                  "status": "affected",
                  "version": "2024.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2024.1.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Rider",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2024.3.4",
                  "status": "affected",
                  "version": "2024.3",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2024.2.8",
                  "status": "affected",
                  "version": "2024.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2024.1.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "dotTrace",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2024.3.4",
                  "status": "affected",
                  "version": "2024.3",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2024.2.8",
                  "status": "affected",
                  "version": "2024.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2024.1.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ETW Host Service",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "16.43",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-114",
                  "description": "CWE-114: Process Control",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-28T16:01:55.084Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2025-23385",
        "datePublished": "2025-01-28T16:01:55.084Z",
        "dateReserved": "2025-01-15T11:51:10.292Z",
        "dateUpdated": "2025-01-28T16:26:10.127Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-16407 (GCVE-0-2019-16407)

    Vulnerability from nvd – Published: 2019-10-02 18:11 – Updated: 2024-08-05 01:17
    VLAI
    Summary
    JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:17:39.605Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-02T18:11:42.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-16407",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/",
                  "refsource": "MISC",
                  "url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-16407",
        "datePublished": "2019-10-02T18:11:42.000Z",
        "dateReserved": "2019-09-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:17:39.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-64457 (GCVE-0-2025-64457)

    Vulnerability from cvelistv5 – Published: 2025-11-10 13:28 – Updated: 2026-02-26 17:47
    VLAI
    Summary
    In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains ReSharper, Rider and dotTrace Affected: 0 , < 2025.2.5 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64457",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-11T04:55:35.360967Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:04.857Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ReSharper, Rider and dotTrace",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2025.2.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition\u003cbr\u003e"
                }
              ],
              "value": "In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-19T10:10:13.721Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2025-64457",
        "datePublished": "2025-11-10T13:28:23.970Z",
        "dateReserved": "2025-11-04T14:34:02.045Z",
        "dateUpdated": "2026-02-26T17:47:04.857Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64456 (GCVE-0-2025-64456)

    Vulnerability from cvelistv5 – Published: 2025-11-10 13:28 – Updated: 2026-02-26 17:47
    VLAI
    Summary
    In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains ReSharper Affected: 0 , < 2025.2.4 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64456",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-11T04:55:34.649352Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:05.432Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ReSharper",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2025.2.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-10T13:28:03.624Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2025-64456",
        "datePublished": "2025-11-10T13:28:03.624Z",
        "dateReserved": "2025-11-04T14:34:01.215Z",
        "dateUpdated": "2026-02-26T17:47:05.432Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-23385 (GCVE-0-2025-23385)

    Vulnerability from cvelistv5 – Published: 2025-01-28 16:01 – Updated: 2025-01-28 16:26
    VLAI
    Summary
    In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    JetBrains ReSharper Affected: 2024.3 , < 2024.3.4 (semver)
    Affected: 2024.2 , < 2024.2.8 (semver)
    Affected: 0 , < 2024.1.7 (semver)
    Create a notification for this product.
    JetBrains Rider Affected: 2024.3 , < 2024.3.4 (semver)
    Affected: 2024.2 , < 2024.2.8 (semver)
    Affected: 0 , < 2024.1.7 (semver)
    Create a notification for this product.
    JetBrains dotTrace Affected: 2024.3 , < 2024.3.4 (semver)
    Affected: 2024.2 , < 2024.2.8 (semver)
    Affected: 0 , < 2024.1.7 (semver)
    Create a notification for this product.
    JetBrains ETW Host Service Affected: 0 , < 16.43 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23385",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T16:25:22.095430Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-28T16:26:10.127Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ReSharper",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2024.3.4",
                  "status": "affected",
                  "version": "2024.3",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2024.2.8",
                  "status": "affected",
                  "version": "2024.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2024.1.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Rider",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2024.3.4",
                  "status": "affected",
                  "version": "2024.3",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2024.2.8",
                  "status": "affected",
                  "version": "2024.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2024.1.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "dotTrace",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "2024.3.4",
                  "status": "affected",
                  "version": "2024.3",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2024.2.8",
                  "status": "affected",
                  "version": "2024.2",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2024.1.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ETW Host Service",
              "vendor": "JetBrains",
              "versions": [
                {
                  "lessThan": "16.43",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-114",
                  "description": "CWE-114: Process Control",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-28T16:01:55.084Z",
            "orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
            "shortName": "JetBrains"
          },
          "references": [
            {
              "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
        "assignerShortName": "JetBrains",
        "cveId": "CVE-2025-23385",
        "datePublished": "2025-01-28T16:01:55.084Z",
        "dateReserved": "2025-01-15T11:51:10.292Z",
        "dateUpdated": "2025-01-28T16:26:10.127Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-16407 (GCVE-0-2019-16407)

    Vulnerability from cvelistv5 – Published: 2019-10-02 18:11 – Updated: 2024-08-05 01:17
    VLAI
    Summary
    JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:17:39.605Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-02T18:11:42.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-16407",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/",
                  "refsource": "MISC",
                  "url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-16407",
        "datePublished": "2019-10-02T18:11:42.000Z",
        "dateReserved": "2019-09-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:17:39.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }