JetBrains TeamCity <2025.11.2 Rp URL Validation flaw => Local Path Disclosure
CVE-2025-67739 Published on December 11, 2025
In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure
Vulnerability Analysis
CVE-2025-67739 can be exploited with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
Improper Authorization in Handler for Custom URL Scheme
The software uses a handler for a custom URL scheme, but it does not properly restrict which actors can invoke the handler using the scheme. Mobile platforms and other architectures allow the use of custom URL schemes to facilitate communication between applications. In the case of iOS, this is the only method to do inter-application communication. The implementation is at the developer's discretion which may open security flaws in the application. An example could be potentially dangerous functionality such as modifying files through a custom URL scheme.
Products Associated with CVE-2025-67739
Want to know whenever a new CVE is published for JetBrains Teamcity? stack.watch will email you.
Affected Versions
JetBrains TeamCity:- Before 2025.11.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.