Lucene search
K

JetBrains ReSharper < 2025.2.4 Local Privilege Escalation (CVE-2025-64456)

🗓️ 14 Nov 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 2 Views

JetBrains ReSharper before 2025.2.4 enables local privilege escalation via DPA Collector signature verification failure (CVE-2025-64456).

Related
Refs
Code
ReporterTitlePublishedViews
Family
BDU FSTEC
The vulnerability of the DPA Collector component of the ReSharper plugin in the cross-platform integrated development environment of JetBrains Rider allows attackers to escalate their privileges.
12 Nov 202500:00
bdu_fstec
Circl
CVE-2025-64456
10 Nov 202515:56
circl
CNNVD
JetBrains ReSharper 数据伪造问题漏洞
10 Nov 202500:00
cnnvd
CVE
CVE-2025-64456
10 Nov 202513:28
cve
Cvelist
CVE-2025-64456
10 Nov 202513:28
cvelist
EUVD
EUVD-2025-44046
10 Nov 202515:31
euvd
NVD
CVE-2025-64456
10 Nov 202514:15
nvd
OSV
CVE-2025-64456
10 Nov 202514:15
osv
Positive Technologies
PT-2025-46148
10 Nov 202500:00
ptsecurity
RedhatCVE
CVE-2025-64456
11 Nov 202513:44
redhatcve
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(275464);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/14");

  script_cve_id("CVE-2025-64456");
  script_xref(name:"IAVA", value:"2025-A-0837");

  script_name(english:"JetBrains ReSharper < 2025.2.4 Local Privilege Escalation (CVE-2025-64456)");

  script_set_attribute(attribute:"synopsis", value:
"The JetBrains ReSharper install on the remote host is affected by a local privilege escalation vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of JetBrains ReSharper installed on the remote host is prior to 2025.2.4, and is, therefore, affected by 
a local privilege escalation vulnerability:

  - In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege
    escalation. (CVE-2025-64456)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://www.jetbrains.com/privacy-security/issues-fixed/?product=ReSharper&version=2025.2.4
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f735b954");
  script_set_attribute(attribute:"solution", value:
"Upgrade to JetBrains ReSharper 2025.2.4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-64456");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/11/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/11/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:jetbrains:resharper");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("jetbrains_resharper_win_installed.nbin");
  script_require_keys("installed_sw/JetBrains ReSharper");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'requires': [
    {'scope': 'target', 'match': {'os': 'windows'}}
  ],
  'checks': [
    {
      'product': {'name': 'JetBrains ReSharper', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints' : [
        { 'fixed_version':'2025.2.4' }
      ]
    }
  ]
};

var vdf_result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_WARNING);
vdf::handle_check_and_report_errors(vdf_result:vdf_result);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

14 Nov 2025 00:00Current
5.5Medium risk
Vulners AI Score5.5
CVSS 3.17.8 - 8.4
EPSS0.00085
SSVC
2