CVE-2025-23385
7.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| JetBrains | ReSharper | 2024.3 < 2024.3.4 | affected |
| JetBrains | ReSharper | 2024.2 < 2024.2.8 | affected |
| JetBrains | ReSharper | 0 < 2024.1.7 | affected |
| JetBrains | Rider | 2024.3 < 2024.3.4 | affected |
| JetBrains | Rider | 2024.2 < 2024.2.8 | affected |
| JetBrains | Rider | 0 < 2024.1.7 | affected |
| JetBrains | dotTrace | 2024.3 < 2024.3.4 | affected |
| JetBrains | dotTrace | 2024.2 < 2024.2.8 | affected |
| JetBrains | dotTrace | 0 < 2024.1.7 | affected |
| JetBrains | ETW Host Service | 0 < 16.43 | affected |
Weaknesses
- CWE-114: CWE-114: Process Control
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.