YouTrack Exploitation

MEDIUM (4.3) No Patch (36 days)

Threat Intelligence

Low Risk
EPSS Score: 0.00% chance of exploitation (percentile: 0%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

YouTrack is a project management and issue tracking tool from JetBrains. This vulnerability allows attackers to extract sensitive information from the feedback form, potentially leading to data breaches.

Am I affected?

You are affected if you run JetBrains YouTrack version 2025.3.104432 or earlier. To locate YouTrack JAR files on a host, run:

  find / -name "youtrack*.jar" 2>/dev/null

Note: This CVE is specific to JetBrains YouTrack and not related to other products from the same vendor.

Affected Packages

maven: org.jetbrains.youtrack

Affected Products

JetBrains / YouTrack

How to fix

  1. Upgrade to YouTrack version 2025.3.104432 or later.
  2. Maven: Update your pom.xml dependency version
  3. Check JetBrains website for updates: https://www.jetbrains.com/support/updates/
  4. Immediate mitigations:
     - Restrict access to the feedback form (e.g., via a firewall)
     - Monitor for suspicious activity on the feedback form