6.5
CVE-2025-43014
- EPSS 0.01%
- Published 17.04.2025 15:56:04
- Last modified 23.04.2025 16:11:35
- Source cve@jetbrains.com
- Teams watchlist Login
- Open Login
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Data is provided by the National Vulnerability Database (NVD)
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.004 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
| cve@jetbrains.com | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-304 Missing Critical Step in Authentication
The product implements an authentication technique, but it skips a step that weakens the technique.