7.8
CVE-2025-23385
- EPSS 0%
- Published 28.01.2025 16:15:41
- Last modified 28.01.2025 16:15:41
- Source cve@jetbrains.com
- Teams watchlist Login
- Open Login
In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorJetBrains
≫
Product
ReSharper
Default Statusunaffected
Version <
2024.3.4
Version
2024.3
Status
affected
Version <
2024.2.8
Version
2024.2
Status
affected
Version <
2024.1.7
Version
0
Status
affected
VendorJetBrains
≫
Product
Rider
Default Statusunaffected
Version <
2024.3.4
Version
2024.3
Status
affected
Version <
2024.2.8
Version
2024.2
Status
affected
Version <
2024.1.7
Version
0
Status
affected
VendorJetBrains
≫
Product
dotTrace
Default Statusunaffected
Version <
2024.3.4
Version
2024.3
Status
affected
Version <
2024.2.8
Version
2024.2
Status
affected
Version <
2024.1.7
Version
0
Status
affected
VendorJetBrains
≫
Product
ETW Host Service
Default Statusunaffected
Version <
16.43
Version
0
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0% | 0 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| cve@jetbrains.com | 7.8 | 1.1 | 6 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-114 Process Control
Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.