CVE-2025-64456: 
JetBrains ReSharper vulnerability analysis and mitigation

A local privilege escalation vulnerability was discovered in JetBrains ReSharper versions before 2025.2.4. The vulnerability (CVE-2025-64456) stems from missing signature verification in the DPA Collector component. The issue was disclosed on November 10, 2025, and affects all versions of ReSharper prior to version 2025.2.4 (NVD, JetBrains Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 8.4 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N. The weakness is categorized under CWE-347 (Improper Verification of Cryptographic Signature). The vulnerability requires local access and low privileges to exploit, with no user interaction needed (NVD, ManageEngine).

If successfully exploited, this vulnerability allows an attacker with local access to escalate their privileges on the affected system. The vulnerability has high impacts on both confidentiality and integrity of the system, though availability is not affected (NVD).

Users are advised to upgrade to JetBrains ReSharper version 2025.2.4 or later to address this vulnerability (JetBrains Advisory).