Toolbox JetBrains Toolbox

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in JetBrains Toolbox.

By the Year

In 2025 there have been 3 vulnerabilities in JetBrains Toolbox with an average score of 6.8 out of ten. Last year, in 2024 Toolbox had 1 security vulnerability published. That is, 2 more vulnerabilities have already been reported in 2025 as compared to last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 1.33.




Year Vulnerabilities Average Score
2025 3 6.83
2024 1 5.50
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 3 8.27
2019 2 6.60
2018 0 0.00

It may take a day or so for new Toolbox vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent JetBrains Toolbox Security Vulnerabilities

In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation

CVE-2025-43014 6.5 - Medium - April 17, 2025

In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation

Missing Critical Step in Authentication

In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible

CVE-2025-43013 7.5 - High - April 17, 2025

In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible

Cleartext Transmission of Sensitive Information

In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin

CVE-2025-42921 6.5 - Medium - April 17, 2025

In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin

Improper Validation of Certificate with Host Mismatch

In JetBrains Toolbox App before 2.2 a DoS attack was possible

CVE-2024-24943 5.5 - Medium - February 06, 2024

In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image

Resource Exhaustion

JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack

CVE-2020-25013 7.5 - High - November 16, 2020

JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.

JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution

CVE-2020-25207 9.8 - Critical - November 16, 2020

JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.

In JetBrains ToolBox version 1.17 before 1.17.6856

CVE-2020-15827 7.5 - High - August 08, 2020

In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file.

Improper Verification of Cryptographic Signature

In JetBrains Toolbox App before 1.15.5666 for Windows

CVE-2019-18368 7.3 - High - October 31, 2019

In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.

JetBrains Toolbox before 1.15.5605 was resolving an internal URL

CVE-2019-14959 5.9 - Medium - October 02, 2019

JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection.

Missing Encryption of Sensitive Data

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for JetBrains Toolbox or by JetBrains? Click the Watch button to subscribe.

JetBrains
Vendor

subscribe