CVE-2025-64684: CWE-862 in JetBrains YouTrack
In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form
AI Analysis
Technical Summary
CVE-2025-64684 is a vulnerability in JetBrains YouTrack, an issue-tracking and project-management tool widely used in software development environments. It is classified as CWE-862 (Missing Authorization). In YouTrack versions before 2025.3.104432, the feedback form does not adequately enforce authorization checks, so an attacker with a low-privileged account and network access to the instance can read information that should be restricted. Exploitation requires no user interaction and does not affect integrity or availability; the impact is limited to confidentiality, through data exposed via the feedback mechanism. The CVSS v3.1 base score is 4.5 (medium), with attack vector network (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), and unchanged scope (S:U). No public exploit is known at the time of writing. The vendor description names the fixed build, 2025.3.104432, even though no patch link is recorded in this entry; the details of what the form disclosed and how have not been published, so this analysis is limited to that one-line description. Organizations using YouTrack for internal or external issue tracking should treat any instance on an earlier build as exposed to unauthorized information disclosure.
Potential Impact
For European organizations, the primary impact of CVE-2025-64684 is unauthorized disclosure of information through the YouTrack feedback form. Depending on what the form exposes, that could include project details, internal discussion, or data submitted by other users, and therefore potentially intellectual property or confidential business information; the advisory does not specify which data was reachable. The vulnerability does not affect integrity or availability, but a confidentiality breach can undermine trust, create GDPR obligations where personal data is involved, and give an attacker material for targeted social engineering or follow-on attacks. Because a low-privileged account is required (PR:L), the instances most at risk are those reachable from the internet and those that issue accounts to external or low-trust users, such as customers who file tickets. Sectors that depend heavily on software development and project-management tooling, including technology firms, financial institutions, and government agencies, are the most exposed. The medium rating reflects the limited scope of the impact, not a reason to defer the upgrade.
Mitigation Recommendations
To mitigate CVE-2025-64684, organizations should take the following actions: 1) Identify every YouTrack instance in use and its exact build; the fix is in 2025.3.104432, and any earlier build is affected. YouTrack Cloud instances are updated by JetBrains, whereas self-hosted YouTrack Server installations must be upgraded by the operator. 2) Restrict network access to YouTrack, particularly for instances that do not need to be reachable from the internet, using network segmentation, firewalls, or VPN requirements so that only trusted users can reach the feedback form. 3) Review who holds accounts on the instance, since exploitation requires a low-privileged login; remove stale accounts and limit self-registration or external-user access where it is not needed. 4) Monitor access logs for unusual activity against the feedback form, such as repeated submissions or requests from accounts that do not normally use it. 5) Brief internal teams on the issue and encourage reporting of suspicious YouTrack activity. 6) If an upgrade cannot be applied immediately, consider disabling the feedback form until it can be; no configuration change adds the missing authorization check itself, so this is a stopgap rather than a fix. 7) Follow JetBrains security advisories for any further updates.
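The first step above, checking each instance's build against the fixed version, is easy to get wrong by hand because YouTrack versions have the form YEAR.RELEASE.BUILD and some UI strings omit the build number. The following script is an added example, not code from the page or from JetBrains: it parses that format, compares it against 2025.3.104432, and reports "unknown" rather than guessing when the build is missing. The REST endpoint and field names used by fetch_version() (/api/config?fields=version,build, read with a permanent token) and the hostnames in the inventory are assumptions for illustration.

```python
"""Decide whether a YouTrack version string is on a build affected by
CVE-2025-64684 (fixed in 2025.3.104432).

Added example. Assumptions not taken from the advisory: the REST endpoint
used by fetch_version() (/api/config?fields=version,build) and the
hypothetical hosts in the sample inventory.
"""
import json
import re
import urllib.request
from typing import Optional, Tuple

FIXED_VERSION = "2025.3.104432"  # first build stated as fixed in the CVE text

# YouTrack reports versions as YEAR.RELEASE.BUILD (e.g. 2025.3.104432);
# some displays omit the build number, which this pattern tolerates.
_VERSION_RE = re.compile(r"^\s*(\d{4})\.(\d+)(?:\.(\d+))?\s*$")


def parse_version(text: str) -> Tuple[int, int, Optional[int]]:
    """Return (year, release, build); build is None when not present."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised YouTrack version string: {text!r}")
    build = int(m.group(3)) if m.group(3) is not None else None
    return int(m.group(1)), int(m.group(2)), build


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if installed < fixed, False if installed >= fixed.

    Returns None when the installed string has no build number and sits on
    the same release line as the fix: the string alone cannot decide it.
    """
    y, r, b = parse_version(installed)
    fy, fr, fb = parse_version(fixed)
    if (y, r) != (fy, fr):
        return (y, r) < (fy, fr)      # earlier release line -> affected
    if b is None:
        return None                    # 2025.3 with unknown build
    return b < fb


def fetch_version(base_url: str, token: str, timeout: float = 10.0) -> str:
    """Ask a YouTrack Server instance for its version over the REST API.

    Assumed endpoint and field names; verify against your own instance.
    Returns e.g. "2025.3.104432" when both version and build are reported.
    """
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/config?fields=version,build",
        headers={"Authorization": f"Bearer {token}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        cfg = json.load(resp)
    version = str(cfg.get("version", ""))
    build = cfg.get("build")
    # Append the build only if the version string does not already carry it.
    if build is not None and version.count(".") < 2:
        version = f"{version}.{build}"
    return version


def report(name: str, version: str) -> str:
    """One-line verdict for an inventory entry."""
    verdict = is_affected(version)
    if verdict is None:
        return f"{name}: {version} -> build number unknown, check in the UI or API"
    return f"{name}: {version} -> {'AFFECTED, upgrade' if verdict else 'fixed'}"


if __name__ == "__main__":
    # Constructed inventory; in practice fill it with fetch_version(url, token).
    inventory = {
        "yt-dev.example.internal": "2025.2.98765",
        "yt-ops.example.internal": "2025.3.104432",
        "yt-lab.example.internal": "2025.3",
    }
    for host, ver in inventory.items():
        print(report(host, ver))
```

Treat a None result as "not yet verified" rather than "fixed": the only safe conclusion from a bare 2025.3 string is that the instance is on the release line that received the fix, not that it has the fixed build.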
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Poland, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: JetBrains
- Date Reserved: 2025-11-07T15:10:50.072Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6911ecfbbb27cbde2e7c6677
Added to database: 11/10/2025, 1:47:39 PM
Last enriched: 11/17/2025, 2:33:43 PM
Last updated: 11/22/2025, 9:08:32 AM
Related Threats
- CVE-2025-13318: CWE-862 Missing Authorization in codepeople Booking Calendar Contact Form (Medium)
- CVE-2025-13136: CWE-862 Missing Authorization in westerndeal GSheetConnector For Ninja Forms (Medium)
- CVE-2025-13384: CWE-862 Missing Authorization in codepeople CP Contact Form with PayPal (High)
- CVE-2025-13317: CWE-862 Missing Authorization in codepeople Appointment Booking Calendar (Medium)
- CVE-2025-12877: CWE-862 Missing Authorization in themeatelier IDonate – Blood Donation, Request And Donor Management System (Medium)