CVE-2025-57734 is a medium-severity vulnerability identified in JetBrains TeamCity, a popular continuous integration and continuous deployment (CI/CD) server used by development teams to automate build, test, and deployment processes. The vulnerability is classified under CWE-538, which pertains to exposure of information through inclusion in source code repositories or scripts. Specifically, in versions of TeamCity prior to 2025.07.1, AWS credentials were inadvertently exposed within Docker script files. These scripts, used to build and deploy containerized applications, contained sensitive AWS access keys that could be accessed by unauthorized parties if the scripts were improperly secured or shared. The CVSS v3.1 base score for this vulnerability is 4.3, indicating a medium severity level. The vector indicates that the attack can be performed remotely (AV:N), requires low attack complexity (AC:L), but requires some level of privileges (PR:L) on the TeamCity server, and does not require user interaction (UI:N). The impact is limited to confidentiality (C:L) with no impact on integrity or availability. No known exploits are reported in the wild as of the publication date. The vulnerability arises from insecure handling and storage of AWS credentials in Docker scripts, which could lead to unauthorized disclosure of these credentials if an attacker gains access to the TeamCity server or its repositories. This exposure could allow attackers to leverage AWS resources or access sensitive cloud infrastructure if the credentials have sufficient permissions.

For European organizations relying on JetBrains TeamCity for their CI/CD pipelines, this vulnerability poses a risk of AWS credential leakage, potentially leading to unauthorized access to cloud resources. The confidentiality breach could result in data exposure, unauthorized resource usage, or additional lateral movement within cloud environments. While the vulnerability requires some level of privilege on the TeamCity server, insider threats or attackers who have already compromised the build environment could exploit this to escalate their access. Given the widespread adoption of AWS and TeamCity in Europe, organizations using these tools in sectors such as finance, healthcare, and critical infrastructure could face regulatory and operational risks if their cloud credentials are compromised. The exposure of AWS credentials could also lead to compliance violations under GDPR if personal data stored or processed in AWS is accessed or exfiltrated. However, the lack of impact on integrity and availability reduces the risk of direct service disruption or data tampering from this vulnerability alone.

European organizations should immediately upgrade JetBrains TeamCity to version 2025.07.1 or later, where this vulnerability is addressed. In addition, organizations should audit all Docker scripts and build configurations for embedded AWS credentials and remove any hardcoded secrets. Implementing secure secret management solutions, such as AWS Secrets Manager or HashiCorp Vault, integrated with TeamCity pipelines can prevent credential exposure in scripts. Access to TeamCity servers should be tightly controlled with role-based access controls and multi-factor authentication to reduce the risk of privilege escalation. Regularly rotating AWS credentials and monitoring AWS CloudTrail logs for unusual activity can help detect and mitigate potential misuse. Organizations should also review their CI/CD pipeline security posture, ensuring that sensitive information is never stored in plaintext within code repositories or build artifacts. Finally, conducting security awareness training for developers and DevOps teams on secure handling of credentials is recommended.