CVE-2025-23385: 
JetBrains ReSharper vulnerability analysis and mitigation

In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, and ETW Host Service before 16.43, a Local Privilege Escalation vulnerability was discovered via the ETW Host Service. The vulnerability was assigned CVE-2025-23385 and was disclosed on January 28, 2025 (NVD, JetBrains Issues).

The vulnerability has been classified with CWE-114 (Process Control) and received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H. This indicates that the vulnerability requires local access, has high attack complexity, requires low privileges, needs no user interaction, has changed scope, and could result in high impacts to confidentiality, integrity, and availability (NVD).

The vulnerability could allow an attacker to escalate privileges locally through the ETW Host Service, potentially gaining elevated access to the affected system. The CVSS score of 7.8 indicates high severity with potential for significant impact on system security (JetBrains Issues).

Users should upgrade to the following fixed versions: ReSharper 2024.3.4, 2024.2.8, or 2024.1.7; Rider 2024.3.4, 2024.2.8, or 2024.1.7; dotTrace 2024.3.4, 2024.2.8, or 2024.1.7; and ETW Host Service 16.43 (JetBrains Issues).