CVE-2025-23385

Description

In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected products

JetBrains / dotTrace0 – 2024.1.7
JetBrains / dotTrace2024.2 – 2024.2.8
JetBrains / dotTrace2024.3 – 2024.3.4
JetBrains / ETW Host Service0 – 16.43
JetBrains / ReSharper2024.3 – 2024.3.4
JetBrains / ReSharper2024.2 – 2024.2.8
JetBrains / ReSharper0 – 2024.1.7
JetBrains / Rider0 – 2024.1.7
JetBrains / Rider2024.2 – 2024.2.8
JetBrains / Rider2024.3 – 2024.3.4

References

MISChttps://www.jetbrains.com/privacy-security/issues-fixed/