CVE-2025-57728: 
JetBrains IntelliJ IDEA vulnerability analysis and mitigation

In JetBrains IntelliJ IDEA before 2025.2, an improper access control vulnerability was discovered that allowed Code With Me guests to discover hidden files. The vulnerability was assigned CVE-2025-57728 and was disclosed on August 20, 2025 (JetBrains Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges or user interaction, and can result in low impact to both confidentiality and integrity, with no impact on availability. The vulnerability is classified under CWE-863 (Incorrect Authorization) (AttackerKB).

The vulnerability allows Code With Me guests to discover hidden files in the system, potentially leading to unauthorized access to sensitive information. The impact is considered moderate with low confidentiality and integrity impacts (AttackerKB).

Users are advised to upgrade to IntelliJ IDEA version 2025.2 or later which contains the fix for this vulnerability (JetBrains Advisory).