CVE-2025-26492: 
JetBrains TeamCity vulnerability analysis and mitigation

In JetBrains TeamCity before version 2024.12.2, a high-severity vulnerability was identified where improper Kubernetes connection settings could expose sensitive resources. The vulnerability was discovered and disclosed on February 11, 2025, and was assigned CVE-2025-26492. This security issue affects JetBrains TeamCity installations that have not been updated to version 2024.12.2 (JetBrains Security, NVD).

The vulnerability has been classified under CWE-522 (Insufficiently Protected Credentials). According to the CVSS 3.1 scoring system, it received a base score of 7.7 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N. This indicates that while the vulnerability requires high privileges and has high attack complexity, it can potentially lead to significant confidentiality and integrity impacts (JetBrains Security).

The vulnerability could result in the exposure of sensitive resources through improper Kubernetes connection settings. Given the CVSS scoring, the impact primarily affects confidentiality and integrity of the system, with no direct impact on availability. The high severity rating suggests that exposed resources could be critical to system security (NVD).

The primary mitigation is to upgrade TeamCity to version 2024.12.2 or later, which contains the fix for this vulnerability. JetBrains has addressed the issue in this release, making it the recommended solution for affected installations (JetBrains Security).