CVE-2025-31141: 
JetBrains TeamCity vulnerability analysis and mitigation

In JetBrains TeamCity before version 2025.03, a vulnerability was identified (CVE-2025-31141) where an exception could lead to credential leakage on the Cloud Profiles page. The vulnerability was discovered and disclosed on March 27, 2025, and was assigned by JetBrains s.r.o. as the CNA (CVE Numbering Authority) (NVD, CVE).

The vulnerability is classified as CWE-209 (Generation of Error Message Containing Sensitive Information). It received a CVSS v3.1 Base Score of 2.7 (LOW) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability requires network access (AV:N), has low attack complexity (AC:L), requires high privileges (PR:H), needs no user interaction (UI:N), has unchanged scope (S:U), and can impact confidentiality at a low level (C:L) with no impact on integrity (I:N) or availability (A:N) (NVD).

The vulnerability's primary impact is the potential exposure of credentials through exception messages on the Cloud Profiles page. The low CVSS score of 2.7 indicates a relatively minor security impact, though any credential exposure could potentially lead to unauthorized access if exploited (NVD).

The vulnerability has been addressed in JetBrains TeamCity version 2025.03. Users running affected versions should upgrade to this version or later to mitigate the risk (JetBrains Security).