What the vulnerability does
01Description
In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata
CVSS base score
2.7/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Key dates
02Disclosure timeline
December 11, 2025
CVE published
December 11, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-48475 FreeScout Vulnerable to Insufficient Authorization
CVE-2023-43609 Emerson Rosemount GC370XA, GC700XA, GC1500XA Improper Authorization
CVE-2023-22500 glpi Unauthorized access to inventory files
CVE-2025-3611 Improper Access Control in Mattermost allows System Managers to view team details despite role restrictions
CVE-2026-42883 Audiobookshelf: Cross-library file exfiltration via unscoped bulk download endpoint
