An authentication bypass in JetBrains Hub allows unauthenticated remote attackers to gain administrative control over the platform, compromising all managed user accounts and integrations.

The vulnerability allows an unauthenticated attacker to bypass the standard login process. Once bypassed, the attacker can perform actions with administrative privileges, granting them full control over the Hub instance.

JetBrains Hub serves as a central authorization and user management point. A CVSS score of 9.1 reflects the critical risk; a successful exploit allows an attacker to modify user permissions, access sensitive integration tokens, and potentially pivot into other JetBrains tools like YouTrack or TeamCity, leading to a massive supply chain or data breach.

Immediate Action: Update JetBrains Hub to version 2025.3.119807 or later immediately.

Proactive Monitoring: Review administrative audit logs for any actions performed by unexpected IP addresses or during unusual timeframes.

Compensating Controls: Place the Hub instance behind a VPN or implement IP-based access control lists (ACLs) to restrict access to the administrative interface.

Public Exploit Available: false

Given that this is an unauthenticated authentication bypass, it must be treated with the highest urgency. Organizations should apply the update immediately to prevent unauthorized access to their identity management infrastructure.