CVE-2025-67739

3.1 LOW

📋 TL;DR

This vulnerability in JetBrains TeamCity lets an attacker learn local file paths on the server through improper validation of repository URLs. It affects TeamCity servers that have repository integrations configured. The impact is limited to information disclosure (path names), not code execution or file content disclosure.

💻 Affected Systems

Products:
  • JetBrains TeamCity
Versions: All versions before 2025.11.2
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires repository integration features to be configured and accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could map internal server directory structures, potentially revealing the location of sensitive configuration files or credentials stored in predictable locations.

🟠 Likely Case

Limited path disclosure revealing TeamCity installation directories and repository paths, which could aid further reconnaissance.

🟢 If Mitigated

With proper network segmentation and access controls the impact is minimal, since only path information is disclosed, not file content.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to repository configuration functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2025.11.2 or later

Vendor Advisory: https://www.jetbrains.com/privacy-security/issues-fixed/

Restart Required: Yes

Instructions:

1. Back up the TeamCity configuration and data.
2. Download TeamCity 2025.11.2 or later from the JetBrains website.
3. Stop the TeamCity service.
4. Install the updated version.
5. Restart the TeamCity service.
6. Verify functionality.

🔧 Temporary Workarounds

Restrict Repository Configuration Access

Applies to: all

Limit access to repository configuration features to authorized administrators only.

Network Segmentation

Applies to: all

Place the TeamCity server behind a firewall with restricted access to repository configuration endpoints.

🧯 If You Can't Patch

  • Implement strict access controls to repository configuration interfaces
  • Monitor logs for unusual repository URL validation attempts

🔍 How to Verify

Check if Vulnerable:

Check the TeamCity version via Administration → Server Administration → Server Health → Version; any version before 2025.11.2 is affected.

Check Version:

Check the TeamCity web interface footer or the server logs for the version string.

Verify Fix Applied:

Confirm the version is 2025.11.2 or later, then test that repository URL validation no longer reveals local paths in its error messages.
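The version check above is easy to get wrong across a fleet when version strings carry build suffixes or omit the patch number (e.g. "2025.11" vs "2025.11.2"). The following is an added example, not code from the page or from JetBrains: it parses TeamCity version strings into comparable tuples and flags every server below the 2025.11.2 fix threshold stated in this advisory. The inventory dictionary and its version strings are constructed sample data; the version string itself can be taken from the web UI footer, the server logs, or the `version` attribute of the `/app/rest/server` REST resource.

```python
import re
from typing import Dict, Optional, Tuple

# Fix threshold from the advisory: all versions before 2025.11.2 are affected.
FIXED_VERSION: Tuple[int, int, int] = (2025, 11, 2)

# TeamCity versions look like "2025.11.1 (build 191234)" or "2025.11" (no patch).
VERSION_RE = re.compile(r"(\d{4})\.(\d{1,2})(?:\.(\d+))?")


def parse_teamcity_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (year, minor, patch) from a version string, or None if no
    version is present. A missing patch component is treated as 0, so a
    bare "2025.11" sorts below "2025.11.2" as it should."""
    match = VERSION_RE.search(text)
    if not match:
        return None
    year, minor, patch = match.group(1), match.group(2), match.group(3)
    return (int(year), int(minor), int(patch) if patch else 0)


def is_vulnerable(version_text: str) -> Optional[bool]:
    """True if the version is before 2025.11.2, False if fixed,
    None if the string could not be parsed (treat as needs-review)."""
    parsed = parse_teamcity_version(version_text)
    if parsed is None:
        return None
    return parsed < FIXED_VERSION


def assess_fleet(inventory: Dict[str, str]) -> Dict[str, Optional[bool]]:
    """Map each server name to its vulnerability status."""
    return {name: is_vulnerable(version) for name, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names and versions).
    sample_inventory = {
        "ci-prod-01": "2025.11.1 (build 191234)",
        "ci-prod-02": "2025.11.2 (build 191500)",
        "ci-legacy": "2024.12.3",
        "ci-unparsed": "n/a",
    }
    for host, status in assess_fleet(sample_inventory).items():
        label = {True: "VULNERABLE", False: "fixed", None: "unknown, review"}[status]
        print(f"{host}: {label}")
```

Servers reported as "unknown" should be treated as unpatched until the version is confirmed by hand; an unparsable string is more often a collection error than a fixed host.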

📡 Detection & Monitoring

Log Indicators:

  • Unusual or repeated repository URL validation requests, especially with malformed or file-system-style URLs
  • Local file paths appearing in repository validation error messages in the server logs

Network Indicators:

  • Multiple requests to repository configuration endpoints from unauthorized sources

SIEM Query:

source="teamcity" AND ("repository" OR "url validation") AND error
