CVE-2025-57728

6.5 MEDIUM

📋 TL;DR

This vulnerability in JetBrains IntelliJ IDEA allows Code With Me guests to discover hidden files (dotfiles and similarly hidden entries) on the host system because of improper access control in the collaborative session. It affects developers who host sessions with IntelliJ IDEA's Code With Me feature. The flaw discloses that such files exist (their names and paths); on its own it does not let a guest modify them or read their contents.

💻 Affected Systems

Products:
  • JetBrains IntelliJ IDEA
Versions: All versions before 2025.2
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only a host that starts a Code With Me session and admits at least one guest is exposed. Installations that never host a session are not affected; the feature merely being present or enabled is not enough on its own.

📦 What is this software?

JetBrains IntelliJ IDEA is a desktop IDE for Java, Kotlin and other JVM languages. Code With Me is its bundled collaborative-development feature: the host shares an open project and invited guests connect to the host's IDE session to view or edit it in real time. The host's IDE is what decides which parts of the host file system a guest may see, and this CVE is a failure of that boundary.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A guest discovers hidden files holding credentials, configuration secrets or proprietary source, and uses that knowledge to plan further attacks (learning that a .env or a credentials file exists tells an attacker exactly what to go after next).

🟠 Likely Case

A guest, accidentally or deliberately, sees hidden project configuration files, temporary files or IDE settings (for example .idea, .git or .env) that were never meant to be shared.

🟢 If Mitigated

Only non-critical hidden files are exposed, with minimal security impact.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires guest access to a Code With Me session. No authentication bypass is involved: an invitation to the session is the only access the attacker needs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2025.2 or later

Vendor Advisory: https://www.jetbrains.com/privacy-security/issues-fixed/

Restart Required: Yes (the IDE restarts itself to apply the update)

Instructions:

1. Open IntelliJ IDEA. 2. Go to Help > Check for Updates (or update through the JetBrains Toolbox App). 3. Install 2025.2 or newer and let the IDE restart when prompted. 4. Confirm in Help > About that the version reads 2025.2 or later (build number 252.* or higher).

🔧 Temporary Workarounds

Disable Code With Me

Platform: all

Removes the exposure entirely: with no session there is no guest to discover anything.

Settings/Preferences > Tools > Code With Me to disable the feature, or disable the bundled Code With Me plugin under Settings/Preferences > Plugins > Installed and restart the IDE.

Restrict Guest Permissions

Platform: all

Reduces what a guest can do with a discovered file, but note the limit: this CVE is about discovery, and a read-only session does not by itself stop a guest from learning that hidden files exist.

When starting a session, choose the most restrictive access level (read-only rather than full access), require host approval for every joiner, and end the session as soon as the pairing is done.

🧯 If You Can't Patch

  • Do not host Code With Me sessions for guests you do not trust; the invitation is the only access step the attacker needs.
  • Keep secrets out of the shared project tree before hosting: dotfiles such as .env, .npmrc or a .git/config with an embedded token, and key material under hidden directories, are exactly what a guest can now find.
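
The second point above is easy to state and easy to forget, so here is an added pre-session audit script (not part of the advisory or of JetBrains' tooling) that walks a project tree and reports hidden files, or files with key-like names, whose name or content looks like a secret. The name patterns and the content heuristics are a starting list I chose for illustration, not an exhaustive secret-detection ruleset, and the sample files in the block are constructed.

```python
"""Audit a project tree for hidden files a Code With Me guest should never see.

Added example; not JetBrains code. Name patterns and content heuristics are
illustrative assumptions. Run: python audit_hidden.py /path/to/project
"""
import os
import re
import sys
from pathlib import Path

# File names that are sensitive regardless of content (assumed starting list).
NAME_PATTERNS = [
    (re.compile(r"^\.env(\..+)?$"), "dotenv file"),
    (re.compile(r"^\.(npmrc|pypirc|netrc|git-credentials|htpasswd|pgpass)$"), "credential store"),
    (re.compile(r"^id_(rsa|dsa|ecdsa|ed25519)$"), "private SSH key"),
    (re.compile(r".*\.(pem|key|p12|pfx|jks|keystore)$"), "key material"),
    (re.compile(r"^credentials(\.json)?$"), "credentials file"),
]
# KEY=value or key: value where the key name smells like a secret.
CONTENT_RE = re.compile(r"(?i)(secret|token|password|passwd|api[_-]?key)\s*[:=]\s*\S+")
# scheme://user:pass@host, e.g. a remote URL with an embedded token in .git/config
EMBEDDED_CRED_URL = re.compile(r"://[^/\s@]+:[^/\s@]+@")


def is_hidden(rel_path: str) -> bool:
    """True if any component of the relative path is dot-prefixed."""
    return any(part.startswith(".") for part in Path(rel_path).parts)


def scan_entry(rel_path: str, content: str) -> list:
    """Reasons a single file is a problem; empty list means clean.
    Content is only inspected for hidden files and name-pattern hits, so a
    plain src/Main.java with the word 'password' in it is not reported."""
    name = Path(rel_path).name
    reasons = [label for pat, label in NAME_PATTERNS if pat.match(name)]
    if is_hidden(rel_path) or reasons:
        if CONTENT_RE.search(content):
            reasons.append("secret-looking assignment")
        if EMBEDDED_CRED_URL.search(content):
            reasons.append("URL with embedded credentials")
    return reasons


def audit_files(files: dict) -> dict:
    """files: {relative_path: text}. Returns {relative_path: [reasons]}."""
    return {p: r for p, c in files.items() if (r := scan_entry(p, c))}


def audit_tree(root: str, max_bytes: int = 65536) -> dict:
    """Read the tree (hidden directories included) and audit it."""
    files = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                with open(full, "r", encoding="utf-8", errors="replace") as fh:
                    files[rel] = fh.read(max_bytes)
            except OSError:
                files[rel] = ""  # unreadable: still judged by its name
    return audit_files(files)


# Constructed sample tree used when no directory is given on the command line.
SAMPLE_FILES = {
    ".env": "DB_PASSWORD=hunter2\n",
    ".git/config": '[remote "origin"]\n\turl = https://alice:ghp_xxx@github.com/acme/app.git\n',
    ".idea/workspace.xml": '<project version="4"/>\n',
    "src/Main.java": "class Main {}\n",
    "deploy/server.pem": "-----BEGIN PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    findings = audit_tree(sys.argv[1]) if len(sys.argv) > 1 else audit_files(SAMPLE_FILES)
    for path, reasons in sorted(findings.items()):
        print(f"{path}: {', '.join(reasons)}")
    sys.exit(1 if findings else 0)
```

The exit status makes the script usable as a pre-session gate in a shell alias or a git hook; anything it reports should be moved out of the project tree (or into a directory you do not share) before the session starts.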

🔍 How to Verify

Check if Vulnerable:

Check the IntelliJ IDEA version in Help > About. Any version below 2025.2 (build numbers below 252.*) is vulnerable whenever it hosts a Code With Me session; whether the feature is merely enabled makes no difference.

Check Version:

Help > About in the GUI, or read product-info.json (fields "version" and "buildNumber") or build.txt from the installation directory (under Contents/Resources inside the .app bundle on macOS). The files let you inventory installs on a fleet without opening each IDE.

Verify Fix Applied:

Confirm that Help > About shows 2025.2 or newer. For a functional check, host a throwaway project containing a known dot-file (for example an empty .secret-probe), join it from a second machine as a read-only guest, and confirm the guest cannot enumerate or open it.
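
Reading product-info.json is the check that scales, so here is an added script (mine, not JetBrains') that decides vulnerable-or-fixed from that file. It prefers the build number, which is unambiguous (2025.2 builds carry the 252.* prefix), and falls back to the marketing version. The candidate install paths are typical defaults and are assumptions; Toolbox App installs live in per-version directories you would add yourself.

```python
"""Check installed IntelliJ IDEA builds against the 2025.2 fix for CVE-2025-57728.

Added example; not JetBrains code. Reads product-info.json from the install
root (Contents/Resources on macOS). CANDIDATE_PATHS are assumed defaults.
"""
import json
import os
import re
import sys

FIXED_VERSION = (2025, 2)   # first fixed release per the advisory
FIXED_BUILD_MAJOR = 252     # 2025.2 builds are numbered 252.*

# Assumed default locations; extend for Toolbox or custom installs.
CANDIDATE_PATHS = [
    "/opt/idea/product-info.json",
    "/Applications/IntelliJ IDEA.app/Contents/Resources/product-info.json",
    "/Applications/IntelliJ IDEA CE.app/Contents/Resources/product-info.json",
    os.path.expandvars(r"%ProgramFiles%\JetBrains\IntelliJ IDEA\product-info.json"),
]


def parse_version(version: str) -> tuple:
    """'2025.1.3' -> (2025, 1, 3); tolerates suffixes such as '2025.2 EAP'."""
    return tuple(int(p) for p in re.findall(r"\d+", version)[:3])


def version_is_vulnerable(version: str) -> bool:
    """True when the year.release pair is below 2025.2."""
    return parse_version(version)[:2] < FIXED_VERSION


def build_is_vulnerable(build: str) -> bool:
    """'IU-251.26094.121' -> True, 'IU-252.23892.409' -> False."""
    m = re.search(r"(\d{3})\.", build)
    if not m:
        raise ValueError(f"unrecognised build number: {build!r}")
    return int(m.group(1)) < FIXED_BUILD_MAJOR


def assess_product_info(text: str) -> dict:
    """Parse product-info.json text; use buildNumber when present."""
    info = json.loads(text)
    version = info.get("version", "")
    build = info.get("buildNumber", "")
    vulnerable = build_is_vulnerable(build) if build else version_is_vulnerable(version)
    return {"name": info.get("name", "?"), "version": version,
            "build": build, "vulnerable": vulnerable}


def main(paths=CANDIDATE_PATHS) -> int:
    found = False
    for path in paths:
        if not os.path.isfile(path):
            continue
        found = True
        with open(path, encoding="utf-8") as fh:
            r = assess_product_info(fh.read())
        state = "VULNERABLE (update to 2025.2+)" if r["vulnerable"] else "fixed"
        print(f"{path}: {r['name']} {r['version']} (build {r['build']}): {state}")
    if not found:
        print("no product-info.json found in candidate paths", file=sys.stderr)
    return 0 if found else 1


if __name__ == "__main__":
    sys.exit(main())
```

Pass the script a list of product-info.json paths collected by your endpoint management tool to turn it into a fleet-wide check; a machine is only at risk if it also hosts sessions, but version is the part you can inventory.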

📡 Detection & Monitoring

Log Indicators:

  • IntelliJ IDEA keeps only a local log (idea.log, reachable via Help > Show Log in Explorer/Finder); Code With Me does not produce a per-file guest access audit trail, so there is nothing SIEM-ready from the IDE alone. Session activity in idea.log is the most you can correlate against if you forward it from developer machines.
  • Host-side file-access auditing (EDR, auditd, macOS Endpoint Security) scoped to the IDE process during a session is the reliable source: reads or directory listings of dot-prefixed paths that the host user did not open, and above all any path outside the shared project root.

Network Indicators:

  • Code With Me traffic between host and guest is encrypted, so enumeration patterns are not recoverable from packet content; at most you can see session establishment to the JetBrains relay or to your on-premises Code With Me server around the time of interest.

SIEM Query (illustrative; the source name and the process, path, user and session fields are assumptions that depend on how host file-access audit data is forwarded):

source="host_file_audit" process="idea*" path="*/.*" | stats dc(path) AS hidden_paths BY user, session | where hidden_paths > 5
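
To make the two indicators above concrete, here is an added detection (my example, not JetBrains tooling) run over a constructed feed of normalised host file-access records tagged with the session actor. Because Code With Me publishes no such feed itself, the record format (ts, actor, op, path) and the "guest:"/"host:" actor prefix are hypothetical; what the code demonstrates is the logic: alert once per guest when it touches five or more distinct hidden paths inside a sliding sixty-second window, and alert on every guest access outside the shared project root.

```python
"""Flag Code With Me guests that enumerate hidden paths on the host.

Added example, not JetBrains tooling. The record format is a hypothetical
normalised feed (host file-access audit joined with session metadata);
field names are assumptions and the sample records are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # sliding window for the enumeration rule
THRESHOLD = 5                    # distinct hidden paths within WINDOW


def is_hidden_path(path: str) -> bool:
    """True if any path component is dot-prefixed (.env, .git/config, ...)."""
    return any(part.startswith(".") for part in path.split("/") if part)


def detect(records, shared_root, window=WINDOW, threshold=THRESHOLD):
    """Return alerts for guest actors under two rules:
    1. any path outside the shared project root (should never happen);
    2. >= threshold distinct hidden paths inside one sliding window
       (reported once per actor to avoid a flood)."""
    root = shared_root.rstrip("/")
    recent = defaultdict(deque)      # actor -> deque[(ts, path)]
    already_alerted = set()
    alerts = []
    for rec in sorted(records, key=lambda r: r["ts"]):
        actor = rec["actor"]
        if not actor.startswith("guest:"):
            continue                 # the host touching its own files is normal
        ts = datetime.fromisoformat(rec["ts"])
        path = rec["path"]
        if path != root and not path.startswith(root + "/"):
            alerts.append({"rule": "outside_shared_root", "actor": actor,
                           "path": path, "ts": rec["ts"]})
        if not is_hidden_path(path):
            continue
        q = recent[actor]
        q.append((ts, path))
        while q and ts - q[0][0] > window:
            q.popleft()              # drop records that fell out of the window
        distinct = {p for _, p in q}
        if len(distinct) >= threshold and actor not in already_alerted:
            already_alerted.add(actor)
            alerts.append({"rule": "hidden_path_enumeration", "actor": actor,
                           "distinct_paths": len(distinct), "ts": rec["ts"]})
    return alerts


# Constructed sample feed: guest bob walks the dot-directories of the shared
# project, then reaches for the host's SSH key outside it.
SAMPLE_ROOT = "/home/alice/project"
SAMPLE_RECORDS = [
    {"ts": "2025-09-01T10:00:00", "actor": "host:alice", "op": "read", "path": f"{SAMPLE_ROOT}/.env"},
    {"ts": "2025-09-01T10:00:01", "actor": "guest:carol", "op": "read", "path": f"{SAMPLE_ROOT}/src/Main.java"},
    {"ts": "2025-09-01T10:00:05", "actor": "guest:bob", "op": "list", "path": f"{SAMPLE_ROOT}/.git/config"},
    {"ts": "2025-09-01T10:00:10", "actor": "guest:bob", "op": "list", "path": f"{SAMPLE_ROOT}/.env"},
    {"ts": "2025-09-01T10:00:15", "actor": "guest:bob", "op": "list", "path": f"{SAMPLE_ROOT}/.idea/workspace.xml"},
    {"ts": "2025-09-01T10:00:20", "actor": "guest:bob", "op": "list", "path": f"{SAMPLE_ROOT}/.gradle/gradle.properties"},
    {"ts": "2025-09-01T10:00:25", "actor": "guest:bob", "op": "list", "path": f"{SAMPLE_ROOT}/.github/workflows/ci.yml"},
    {"ts": "2025-09-01T10:00:30", "actor": "guest:bob", "op": "list", "path": f"{SAMPLE_ROOT}/.npmrc"},
    {"ts": "2025-09-01T10:00:45", "actor": "guest:bob", "op": "read", "path": "/home/alice/.ssh/id_rsa"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_RECORDS, SAMPLE_ROOT):
        print(alert)
```

The threshold and window are tuning knobs: a legitimate guest opening .github/workflows and .gitignore during a review should not trip the rule, whereas a walk through every dot-directory in under a minute should. The outside-root rule has no threshold because a patched host never lets a guest reach such a path at all.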
