IntelliJ IDEA SSH Project Opening Vulnerability

MEDIUM (5.4) No Patch (2 days)

Threat Intelligence

Low Risk
EPSS Score: 0.00% chance of exploitation (percentile: 0%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

JetBrains IntelliJ IDEA is a popular integrated development environment (IDE) for software development. This vulnerability allows attackers to open untrusted remote projects over SSH without requiring additional confirmation, potentially leading to code injection and other security issues.

Am I affected?

You're affected if you use JetBrains IntelliJ IDEA 2025.3 or earlier versions.
Check with: find / -name "idea*.jar" 2>/dev/null

Note: This vulnerability is specific to IntelliJ IDEA's SSH project opening feature, which is used in conjunction with other features like Remote Development and Version Control.
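
A more precise inventory than searching for jar files, as an added example (not code from JetBrains or from this advisory): it reads the `product-info.json` metadata file that ships in each JetBrains IDE installation directory and flags IntelliJ IDEA installs at or below the threshold stated above. Comparing only the major.minor release line is an assumption of this example, and the directory tree in `demo()` is constructed sample data.

```python
import json
import os
import re
import tempfile

# Threshold taken from the advisory text: "2025.3 or earlier" is affected.
AFFECTED_THROUGH = (2025, 3)
# productCode values for IntelliJ IDEA Ultimate and Community.
IDEA_CODES = {"IU", "IC"}

def release_line(version):
    """Return (major, minor) from a version such as '2024.3.1', or None."""
    m = re.match(r"(\d+)\.(\d+)", version or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def is_affected(version, through=AFFECTED_THROUGH):
    line = release_line(version)
    # Unparseable versions are reported as affected so they get a manual look.
    return True if line is None else line <= through

def find_installs(root):
    """Yield (path, version, affected) for each IntelliJ IDEA install under root."""
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        if "product-info.json" not in files:
            continue
        path = os.path.join(dirpath, "product-info.json")
        try:
            with open(path, encoding="utf-8") as fh:
                info = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or malformed metadata: skip
        if not isinstance(info, dict) or info.get("productCode") not in IDEA_CODES:
            continue  # a different JetBrains product, or not product metadata
        version = str(info.get("version", ""))
        yield dirpath, version, is_affected(version)

def demo():
    """Build a constructed directory tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"idea-old": ("IU", "2024.3.1"), "idea-new": ("IC", "2026.1"),
                   "pycharm": ("PY", "2024.3")}
        for name, (code, ver) in samples.items():
            os.makedirs(os.path.join(root, name))
            with open(os.path.join(root, name, "product-info.json"), "w") as fh:
                json.dump({"productCode": code, "version": ver}, fh)
        return sorted((os.path.basename(p), v, a) for p, v, a in find_installs(root))

if __name__ == "__main__":
    for row in demo():
        print(row)
```

To scan a real host, iterate `find_installs()` over the directories where IDEs are installed (for example `/opt` or a user's home directory) instead of calling `demo()`.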

Affected Packages

maven: org.jetbrains.intellij

Affected Products

JetBrains / IntelliJ IDEA

How to fix

  1. Upgrade to IntelliJ IDEA 2025.3 or later from the official JetBrains website: https://www.jetbrains.com/idea/download/
  2. Immediate mitigations:
     - Disable SSH project opening by setting idea.config.xml to ssh.openProjectsWithoutConfirmation=true
     - Review and update your project settings to ensure only trusted projects are opened over SSH