Cyber Resilience

CVE-2025-26492

High

Published: 11 February 2025

Published
11 February 2025
Modified
16 May 2025
KEV Added
Patch
CVSS Score v3.1 7.7 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
EPSS Score 0.0001 0.3th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-26492 is a high-severity Insufficiently Protected Credentials (CWE-522) vulnerability in Jetbrains Teamcity. Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552); ranked at the 0.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-26492 is a vulnerability in JetBrains TeamCity versions prior to 2024.12.2, stemming from improper Kubernetes connection settings that could expose sensitive resources. Published on 2025-02-11, it carries a CVSS v3.1 base score of 7.7 (AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N) and maps to CWE-522.

The vulnerability can be exploited over the network by attackers with high privileges (PR:H), though it requires high attack complexity (AC:H) and no user interaction (UI:N). Successful attacks enable high confidentiality (C:H) and integrity (I:H) impacts with a changed scope (S:C), allowing exposure and potential modification of sensitive resources tied to Kubernetes connections, but without availability disruption (A:N).

JetBrains addressed the issue in TeamCity 2024.12.2. Additional details on fixes and mitigations are available in the vendor advisory at https://www.jetbrains.com/privacy-security/issues-fixed/.

EU & UK References

Vulnerability details

In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1552 Unsecured Credentials Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

The vulnerability stems from improper Kubernetes connection settings exposing sensitive resources (CWE-522: Insufficiently Protected Credentials), directly facilitating access to unsecured credentials stored in TeamCity integration settings.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-31141Same product: Jetbrains Teamcity
CVE-2026-44413Same product: Jetbrains Teamcity
CVE-2025-26493Same product: Jetbrains Teamcity
CVE-2025-24459Same product: Jetbrains Teamcity
CVE-2026-33575Shared CWE-522
CVE-2025-58741Shared CWE-522
CVE-2026-32171Shared CWE-522
CVE-2025-27648Shared CWE-522
CVE-2026-33392Same vendor: Jetbrains
CVE-2026-45091Shared CWE-522

Affected Assets

jetbrains
teamcity
≤ 2024.12.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely remediation of the specific flaw in TeamCity's Kubernetes connection handling to prevent exposure of sensitive resources.

prevent

Mandates secure and documented configuration settings for Kubernetes connections in TeamCity, directly countering improper settings that expose sensitive resources.

prevent

Enforces least privilege for high-privilege users (PR:H), limiting their ability to exploit improper Kubernetes settings for confidentiality and integrity impacts.

References