7.8

CVE-2025-23385

In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JetBrainsdotTrace Version < 2024.1.7
JetBrainsdotTrace Version >= 2024.2 < 2024.2.8
JetBrainsdotTrace Version >= 2024.3 < 2024.3.4
JetBrainsEtw Host Service Version < 16.43
JetBrainsResharper Version < 2024.1.7
JetBrainsResharper Version >= 2024.2 < 2024.2.8
JetBrainsResharper Version >= 2024.3 < 2024.3.4
JetBrainsRider Version < 2024.1.7
JetBrainsRider Version >= 2024.2.0 < 2024.2.8
JetBrainsRider Version >= 2024.3.0 < 2024.3.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0% 0.001
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cve@jetbrains.com 7.8 1.1 6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE-114 Process Control

Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.