CVE-2025-23385

In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
JetBrainsCNA
7.8 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
jetbrainsdottrace
𝑥
< 2024.1.7
jetbrainsdottrace
2024.2 ≤
𝑥
< 2024.2.8
jetbrainsdottrace
2024.3 ≤
𝑥
< 2024.3.4
jetbrainsetw_host_service
𝑥
< 16.43
jetbrainsresharper
𝑥
< 2024.1.7
jetbrainsresharper
2024.2 ≤
𝑥
< 2024.2.8
jetbrainsresharper
2024.3 ≤
𝑥
< 2024.3.4
jetbrainsrider
𝑥
< 2024.1.7
jetbrainsrider
2024.2.0 ≤
𝑥
< 2024.2.8
jetbrainsrider
2024.3.0 ≤
𝑥
< 2024.3.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.jetbrains.com/privacy-security/issues-fixed/