Cyber Resilience

CVE-2025-24456

Severity: Medium

Published: 21 January 2025
Modified: 30 January 2025
KEV added: not listed
Patch: available
CVSS v3.1 score: 6.7 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L)
EPSS score: 0.0000 (0.1th percentile)
Risk priority: 13 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-24456 is a medium-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in JetBrains Hub. Its CVSS base score is 6.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS exploit likelihood ranks at the 0.1th percentile (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-2 (Account Management).

Deeper analysis

CVE-2025-24456 is a privilege escalation vulnerability in JetBrains Hub versions prior to 2024.3.55417, stemming from improper LDAP authentication mapping. Published on 2025-01-21, it has a CVSS v3.1 base score of 6.7 (AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L) and is associated with CWE-288 (Authentication Bypass Using an Alternate Path or Channel) and CWE-306 (Missing Authentication for Critical Function).

An attacker with low privileges (PR:L) can exploit this over the network (AV:N), though it requires high attack complexity (AC:H) and user interaction (UI:R). Successful exploitation enables privilege escalation, resulting in high impacts on confidentiality and integrity (C:H/I:H) with low impact on availability (A:L), all within unchanged scope (S:U).

JetBrains addressed the issue in version 2024.3.55417, as detailed in their issues-fixed advisory at https://www.jetbrains.com/privacy-security/issues-fixed/. Security practitioners should upgrade to this version or later to mitigate the vulnerability.

Vulnerability details

In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping

CWE(s)

CWE-288 (Authentication Bypass Using an Alternate Path or Channel), CWE-306 (Missing Authentication for Critical Function)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE describes a privilege escalation vulnerability via improper LDAP authentication mapping and bypass (CWE-288/306), directly enabling the Exploitation for Privilege Escalation technique.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-25848: same product (JetBrains Hub)
CVE-2026-28193: same vendor (JetBrains)
CVE-2025-23385: same vendor (JetBrains)
CVE-2024-9658: shared CWE-288, CWE-306
CVE-2026-44413: same vendor (JetBrains)
CVE-2026-33392: same vendor (JetBrains)
CVE-2026-26160: shared CWE-306
CVE-2026-26159: shared CWE-306
CVE-2026-24062: shared CWE-306
CVE-2025-24459: same vendor (JetBrains)

Affected Assets

Vendor: jetbrains
Product: hub
Versions: ≤ 2024.3.55417

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)
Directly remediates the software flaw in JetBrains Hub's improper LDAP authentication mapping by identifying, reporting, and applying vendor patches such as version 2024.3.55417.

AC-6 Least Privilege (prevent)
Enforces the principle of least privilege to limit the initial low-privilege access (PR:L) that attackers can leverage for escalation via flawed LDAP mapping.

AC-2 Account Management (prevent)
Manages and reviews account provisioning and privileges associated with LDAP authentication mappings to prevent or correct improper privilege assignments.