Cyber Posture

CVE-2025-23385

High

Published: 28 January 2025

Modified: 12 January 2026
KEV Added
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0000 (0.1th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-23385 is a high-severity Process Control (CWE-114) vulnerability in JetBrains dotTrace. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 0.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent: Directly remediates the privilege escalation vulnerability by applying vendor patches to affected JetBrains products and ETW Host Service.

Prevent: Enforces least privilege on the ETW Host Service and affected applications, limiting the impact of successful local privilege escalation.

Prevent: Process isolation prevents a low-privilege attacker exploiting the ETW Host Service from compromising higher-privilege processes.

MITRE ATT&CK Enterprise Techniques [AI]

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Local privilege escalation vulnerability in ETW Host Service directly enables T1068 Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible.

Deeper analysis [AI]

CVE-2025-23385 is a local privilege escalation vulnerability via the ETW Host Service, affecting JetBrains ReSharper versions prior to 2024.3.4, 2024.2.8, and 2024.1.7; Rider prior to 2024.3.4, 2024.2.8, and 2024.1.7; dotTrace prior to 2024.3.4, 2024.2.8, and 2024.1.7; and ETW Host Service prior to version 16.43. The issue is associated with CWE-114 and has a CVSS v3.1 base score of 7.8 (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability, requiring high attack complexity but no user interaction. Successful exploitation allows the attacker to escalate privileges, resulting in high impacts to confidentiality, integrity, and availability within a changed scope.

JetBrains has published details on fixes in the listed versions. Additional information is available in their advisory at https://www.jetbrains.com/privacy-security/issues-fixed/.

Details

CWE(s)

Affected Products

jetbrains / dottrace: ≤ 2024.1.7 · 2024.2 — 2024.2.8 · 2024.3 — 2024.3.4
jetbrains / etw host service: ≤ 16.43
jetbrains / resharper: ≤ 2024.1.7 · 2024.2 — 2024.2.8 · 2024.3 — 2024.3.4
jetbrains / rider: ≤ 2024.1.7 · 2024.2.0 — 2024.2.8 · 2024.3.0 — 2024.3.4

CVEs Like This One

CVE-2026-28193 (Same vendor: JetBrains)
CVE-2025-24456 (Same vendor: JetBrains)
CVE-2026-25848 (Same vendor: JetBrains)
CVE-2026-33392 (Same vendor: JetBrains)
CVE-2025-24459 (Same vendor: JetBrains)
CVE-2026-41153 (Same vendor: JetBrains)
CVE-2025-31141 (Same vendor: JetBrains)
CVE-2026-25847 (Same vendor: JetBrains)
CVE-2026-41882 (Same vendor: JetBrains)
CVE-2025-26493 (Same vendor: JetBrains)
