CVE-2025-46433

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2025.03.1

Description The issue is related to improper path validation in the loggingPreset parameter. This could potentially allow for unauthorized access or manipulation of files.

Recommendations For versions prior to 2025.03.1, update to version 2025.03.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the loggingPreset parameter to minimize the risk of exploitation.

Fix

Path traversal

Relative Path Traversal

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-23CWE-532

Related Identifiers

BDU:2025-05224

CVE-2025-46433

Affected Products

Teamcity

CVE-2025-46433

Weakness Enumeration

Related Identifiers

Affected Products

References · 8