CVE-2025-68267 MEDIUM

CVE-2025-68267

Vendor Jetbrains
Product TeamCity
Weakness CWE-272
Published December 16, 2025
Last update December 16, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token

Key dates

02Disclosure timeline

December 16, 2025 CVE published
December 16, 2025 Record updated