CVE-2025-64682

Published Nov 10, 2025

Last updated 4 months ago

CVSS low 2.7

Overview

Description
In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit
Source
cve@jetbrains.com
NVD status
Analyzed
Products
hub

Risk scores

CVSS 3.1

Type
Primary
Base score
3.7
Impact score
1.4
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Severity
LOW

Weaknesses

cve@jetbrains.com
CWE-362
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-362

Social media

Hype score
Not currently trending

  1. CVE-2025-64682 In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit https://t.co/hQk75DsS6w

    @CVEnew

    10 Nov 2025

    271 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possibleCVE-2026-25848
  2. Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request.CVE-2025-65784
  3. An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.CVE-2025-65783
  4. In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users APICVE-2025-64683
  5. In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitationsCVE-2025-64681

References

Sources include official advisories and independent security research.