CVE-2025-64456

Published Nov 10, 2025

Last updated 4 months ago

CVSS high 8.4

Overview

Description
In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation
Source
cve@jetbrains.com
NVD status
Analyzed
Products
resharper

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

cve@jetbrains.com
CWE-347

Social media

Hype score
Not currently trending

  1. **CVE-2025-64456** pertains to a security flaw present in **JetBrains ReSharper** versions prior to 2025.2.4. The issue arises from a missing signature verification in **DPA Collector** — a component likely responsible for collecting or transmitting diagnostics or telemetry dat

    @CveTodo

    10 Nov 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race conditionCVE-2025-64457
  2. In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possibleCVE-2025-23385

References

Sources include official advisories and independent security research.