This page lists publicly disclosed CVE vulnerabilities affecting jetbrains toolbox (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-43014 | In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation | [email protected] | 6.1 | 0.18% | 2025-04-17 | 2026-06-17 |
| CVE-2025-43013 | In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible | [email protected] | 6.9 | 0.13% | 2025-04-17 | 2026-06-17 |
| CVE-2025-43012 | In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible | [email protected] | 8.3 | 0.66% | 2025-04-17 | 2026-06-17 |
| CVE-2025-42921 | In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin | [email protected] | 4.2 | 0.16% | 2025-04-17 | 2026-06-17 |
| CVE-2024-24943 | In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image | [email protected] | 5.3 | 0.41% | 2024-02-06 | 2026-06-17 |
| CVE-2022-48481 | In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible | [email protected] | 5.2 | 0.21% | 2023-04-28 | 2026-06-17 |
| CVE-2020-25207 | JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. | [email protected] | 9.8 | 4.38% | 2020-11-16 | 2026-06-16 |
| CVE-2020-25013 | JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler. | [email protected] | 7.5 | 1.37% | 2020-11-16 | 2026-06-16 |
| CVE-2020-15827 | In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. | [email protected] | 7.5 | 0.69% | 2020-08-08 | 2026-06-16 |
| CVE-2019-18368 | In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible. | [email protected] | 7.3 | 1.04% | 2019-10-31 | 2026-06-16 |
| CVE-2019-14959 | JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection. | [email protected] | 5.9 | 0.66% | 2019-10-02 | 2026-06-16 |