CVE-2025-24458: 
YouTrack vulnerability analysis and mitigation

A critical security vulnerability (CVE-2025-24458) was discovered in JetBrains YouTrack versions before 2024.3.55417. The vulnerability allowed account takeover through spoofed email and Helpdesk integration functionality. This issue was disclosed on January 21, 2025, and was assigned a high severity CVSS base score of 7.8 (NVD).

The vulnerability is classified as an Authentication Bypass by Spoofing (CWE-290). According to the CVSS 3.1 scoring, it requires low attack complexity (AC:L) with no privileges required (PR:N), but does need user interaction (UI:R). The vulnerability has a high impact on confidentiality, integrity, and availability with a CVSS vector string of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

The vulnerability allows attackers to perform account takeover attacks by exploiting the spoofed email functionality in combination with the Helpdesk integration feature. This could lead to unauthorized access to user accounts and potential compromise of sensitive information (JetBrains Advisory).

JetBrains has addressed this vulnerability in YouTrack version 2024.3.55417. Users are strongly advised to upgrade to this version or later to protect against potential account takeover attacks (JetBrains Advisory).