JetBrains IntelliJ IDEA Credentials Disclosure Vulnerability via Remote Reference

Vulnerability

A vulnerability allowing credentials disclosure was identified in JetBrains IntelliJ IDEA versions prior to 2025.2. This issue arose from the built-in web server leaking information about open projects, which could be exploited by sending a crafted request that referenced a project with sensitive data. The vulnerability was reported by a JetBrains user.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive credentials, such as GitHub access tokens, which could be exposed to third-party sites.

Reproduction

To reproduce this vulnerability, open a project in a JetBrains IntelliJ IDEA version prior to 2025.2. The built-in web server will automatically leak information about the open project, including sensitive credentials, over an unsecured HTTP connection. The leak can be exacerbated by crafting a request that references a project containing sensitive data.

Remediation

Users can update to JetBrains IntelliJ IDEA version 2025.2 or later, where this vulnerability has been fixed.

Added: Aug 20, 2025, 10:27 AM
Updated: Aug 20, 2025, 10:27 AM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 2.5
exploitability: 4.8
remediation: 7.7
relevance: 0.4
threat: 1.6
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.