JetBrains Toolbox
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in JetBrains Toolbox.
By the Year
In 2025 there have been 3 vulnerabilities in JetBrains Toolbox with an average score of 6.8 out of ten. Last year, in 2024 Toolbox had 1 security vulnerability published. That is, 2 more vulnerabilities have already been reported in 2025 as compared to last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 1.33.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 3 | 6.83 |
| 2024 | 1 | 5.50 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 3 | 8.27 |
| 2019 | 2 | 6.60 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Toolbox vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent JetBrains Toolbox Security Vulnerabilities
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation
CVE-2025-43014
6.5 - Medium
- April 17, 2025
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation
Missing Critical Step in Authentication
In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible
CVE-2025-43013
7.5 - High
- April 17, 2025
In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible
Cleartext Transmission of Sensitive Information
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin
CVE-2025-42921
6.5 - Medium
- April 17, 2025
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin
Improper Validation of Certificate with Host Mismatch
In JetBrains Toolbox App before 2.2 a DoS attack was possible
CVE-2024-24943
5.5 - Medium
- February 06, 2024
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image
Resource Exhaustion
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack
CVE-2020-25013
7.5 - High
- November 16, 2020
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution
CVE-2020-25207
9.8 - Critical
- November 16, 2020
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.
In JetBrains ToolBox version 1.17 before 1.17.6856
CVE-2020-15827
7.5 - High
- August 08, 2020
In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file.
Improper Verification of Cryptographic Signature
In JetBrains Toolbox App before 1.15.5666 for Windows
CVE-2019-18368
7.3 - High
- October 31, 2019
In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.
JetBrains Toolbox before 1.15.5605 was resolving an internal URL
CVE-2019-14959
5.9 - Medium
- October 02, 2019
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection.
Missing Encryption of Sensitive Data
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for JetBrains Toolbox or by JetBrains? Click the Watch button to subscribe.
