CVE-2025-23385

Summary

In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible

Affected Software

VendorProductVersion RangeStatus
JetBrainsReSharper2024.3 < 2024.3.4affected
JetBrainsReSharper2024.2 < 2024.2.8affected
JetBrainsReSharper0 < 2024.1.7affected
JetBrainsRider2024.3 < 2024.3.4affected
JetBrainsRider2024.2 < 2024.2.8affected
JetBrainsRider0 < 2024.1.7affected
JetBrainsdotTrace2024.3 < 2024.3.4affected
JetBrainsdotTrace2024.2 < 2024.2.8affected
JetBrainsdotTrace0 < 2024.1.7affected
JetBrainsETW Host Service0 < 16.43affected

Weaknesses

  • CWE-114: CWE-114: Process Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References