CVE-2025-57730: 
JetBrains IntelliJ IDEA vulnerability analysis and mitigation

In JetBrains IntelliJ IDEA before version 2025.2, an HTML injection vulnerability was discovered via the Remote Development feature (NVD, JetBrains Advisory). The vulnerability was disclosed on August 20, 2025, and received initial analysis by NIST on August 21, 2025.

The vulnerability has been assigned a CVSS v3.1 base score of 4.6 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N by NIST, while JetBrains assessed it with a slightly higher score of 5.2 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page) (NVD).

The vulnerability allows for HTML injection attacks through the Remote Development feature, potentially leading to limited confidentiality and integrity breaches in a contained scope. The attack requires local access and low privileges to execute (NVD).

Users are advised to upgrade to IntelliJ IDEA version 2025.2 or later to address this vulnerability. The fix has been included in this version as confirmed by JetBrains (JetBrains Advisory).