cvebase

Jetbrains Toolbox vulnerabilities

11 known vulnerabilities affecting jetbrains/toolbox.

Total CVEs: 11
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 5, MEDIUM 4

Vulnerabilities

CVE-2020-25207 | P2 | CRITICAL | CVSS 9.8 | fixed in 1.18 | 2020-11-16
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.
nvd
CVE-2025-43012 | P3 | CRITICAL | CVSS 9.8 | CWE-77 | fixed in 2.6 | 2025-04-17
In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible
nvd
CVE-2025-43013 | P3 | HIGH | CVSS 7.5 | CWE-319 | fixed in 2.6 | 2025-04-17
In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible
nvd
CVE-2022-48481 | P3 | HIGH | CVSS 7.8 | CWE-691 | fixed in 1.28 | 2023-04-28
In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible
nvd
CVE-2019-18368 | P3 | HIGH | CVSS 7.3 | fixed in 1.15.5666 | 2019-10-31
In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.
nvd
CVE-2020-15827 | P3 | HIGH | CVSS 7.5 | CWE-347 | ≥ 1.17, < 1.17.6856 | 2020-08-08
In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file.
nvd
CVE-2020-25013 | P4 | HIGH | CVSS 7.5 | fixed in 1.18 | 2020-11-16
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.
nvd
CVE-2025-42921 | P4 | MEDIUM | CVSS 6.5 | CWE-297 | fixed in 2.6 | 2025-04-17
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin
nvd
CVE-2025-43014 | P4 | MEDIUM | CVSS 6.5 | CWE-304 | fixed in 2.6 | 2025-04-17
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation
nvd
CVE-2019-14959 | P4 | MEDIUM | CVSS 5.9 | CWE-319 | fixed in 1.15.5605 | 2019-10-02
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection.
nvd
CVE-2024-24943 | P4 | MEDIUM | CVSS 5.5 | CWE-400 | fixed in 2.2 | 2024-02-06
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image
nvd