CVE-2025-59458

High CVSS: 8.3

In JetBrains Junie before 252.284.66,
251.284.66,
243.284.66,
252.284.61,
251.284.61,
243.284.61,
252.284.50,
252.284.54,
251.284.54,
251.284.50,
243.284.54,
243.284.50 code execution was possible due to improper command validation

Vendor

Jetbrains

Product

Junie

CWE

CWE-77

Yayın Tarihi

2025-09-17 09:15:32

Güncelleme

2026-01-20 17:31:03

Source Identifier

cve@jetbrains.com

KEV Date Added

Kategoriler

CWE-77 Junie HIGH Jetbrains 2025

Referanslar

https://www.jetbrains.com/privacy-security/issues-fixed/

Benzer Kayıtlar

Medium

CVE-2026-32745

In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings

Medium

CVE-2026-32229

In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled

Medium

CVE-2026-28195

In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build confi…

Low

CVE-2026-28196

In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk

High

CVE-2026-28193

In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint

Medium

CVE-2026-28194

In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow