CVE-2025-57729: 
JetBrains IntelliJ IDEA vulnerability analysis and mitigation

CVE-2025-57729 affects JetBrains IntelliJ IDEA versions before 2025.2, where unexpected plugin startup was possible due to automatic LSP server start. The vulnerability was discovered and disclosed on August 20, 2025, and was assigned CWE-829 (Inclusion of Functionality from Untrusted Control Sphere) (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.3 (HIGH) by NIST with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L. The attack vector is Local (AV:L), with Low attack complexity (AC:L), requiring Low privileges (PR:L), and No user interaction (UI:N). The scope is Unchanged (S:U), with High impact on both Confidentiality (C:H) and Integrity (I:H), and Low impact on Availability (A:L) (NVD).

The vulnerability has significant potential impact on system security with High severity ratings for both Confidentiality and Integrity, indicating that an attacker could potentially gain substantial access to system resources and modify system data. The Low availability impact suggests minimal disruption to system operations (NVD).

Users are advised to upgrade to JetBrains IntelliJ IDEA version 2025.2 or later to address this vulnerability (JetBrains).