Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-24457
CVE-2025-24457:
YouTrack vulnerability analysis and mitigation
Overview
A security vulnerability identified as CVE-2025-24457 was discovered in JetBrains YouTrack, affecting versions before 2024.3.55417. The vulnerability was disclosed on January 21, 2025, and involves the exposure of permanent tokens in system logs (JetBrains Security, NVD).
Technical details
The vulnerability is classified with a CVSS v3.1 score of 5.5 (Medium severity) and is associated with CWE-532, which relates to information exposure through log files. The issue specifically involves the logging of permanent authentication tokens, which could potentially expose sensitive access credentials (FortiGuard Labs).
Impact
The exposure of permanent tokens in log files could potentially allow unauthorized access to YouTrack instances if the logs are compromised. This could lead to unauthorized system access and potential data breaches, as permanent tokens typically grant persistent access to the system (JetBrains Security).
Mitigation and workarounds
The vulnerability has been patched in YouTrack version 2024.3.55417. Users are advised to upgrade to this version or later to address the security issue (JetBrains Security).
Additional resources
Source: This report was generated using AI
Related YouTrack vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management