CVE-2025-54538: 
JetBrains TeamCity vulnerability analysis and mitigation

In JetBrains TeamCity versions before 2025.07, a security vulnerability was identified where password exposure was possible via command line in the 'hg pull' command. The vulnerability was assigned CVE-2025-54538 and was disclosed on July 28, 2025. This issue affects JetBrains TeamCity installations and was categorized with CWE-312 (Cleartext Storage of Sensitive Information) (NVD, JetBrains Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The scoring indicates that the vulnerability requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L), no user interaction (UI:N), has unchanged scope (S:U), high confidentiality impact (C:H), and no impact on integrity (I:N) or availability (A:N) (AttackerKB).

The vulnerability primarily affects the confidentiality of sensitive information, as it could lead to password exposure through the command line. The high confidentiality impact rating suggests that the exposed passwords could potentially give attackers access to sensitive information or systems (Rapid7).

The primary mitigation for this vulnerability is to upgrade to JetBrains TeamCity version 2025.07 or later, which contains the fix for this issue (JetBrains Advisory).