JetBrains IntelliJ IDEA Vulnerability
A vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1 and 2026.1.1, requiring users to update to the latest versions.
On April 30, 2026, JetBrains released a security advisory addressing a vulnerability in IntelliJ IDEA. The vulnerability affects IntelliJ IDEA versions prior to 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, and 2026.1.1. This vulnerability requires users and administrators to update their IntelliJ IDEA installations to the latest versions to mitigate potential risks. The advisory highlights the importance of maintaining up-to-date software to prevent exploitation by malicious actors.
Attack Chain
- Attacker identifies a vulnerable IntelliJ IDEA instance running an outdated version (e.g., 2024.3.6).
- Attacker crafts a malicious project or plugin targeting the identified vulnerability.
- Attacker lures a developer into opening the malicious project or installing the malicious plugin.
- The malicious project or plugin executes arbitrary code within the IntelliJ IDEA environment.
- The code gains access to sensitive information, such as credentials, API keys, or source code.
- The attacker uses the stolen credentials to access internal systems or cloud resources.
- Attacker exfiltrates sensitive data or implants malware for persistence.
Impact
Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information, including source code, credentials, and internal systems. This could result in data breaches, intellectual property theft, and potential supply chain attacks. The impact is significant for organizations relying on IntelliJ IDEA for software development, potentially affecting thousands of developers and their projects.
Recommendation
- Upgrade JetBrains IntelliJ IDEA to the latest version (2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1, or later) to patch the vulnerability, as recommended by the JetBrains advisory.
- Implement strict plugin review processes to prevent the installation of malicious plugins in IntelliJ IDEA.
- Monitor network traffic originating from IntelliJ IDEA processes for suspicious activity indicative of data exfiltration.
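A version check for the upgrade recommendation above, added here as an example (it is not JetBrains' code or part of the advisory). It assumes each listed fixed version applies to its own release line, so comparing against a single number would misclassify installs; the inventory and host names are constructed.

```python
import re

# Fixed builds per release line, copied from the advisory text above.
FIXED = {
    (2024, 3): (2024, 3, 7, 1),
    (2025, 1): (2025, 1, 7, 1),
    (2025, 2): (2025, 2, 6, 2),
    (2025, 3): (2025, 3, 4, 1),
    (2026, 1): (2026, 1, 1, 0),
}

def parse_version(text):
    """Turn '2025.2.6.1' into (2025, 2, 6, 1), zero-padded to four parts."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (4 - len(parts))

def assess(version_text):
    """Return 'patched', 'vulnerable' or 'review' for one installed version."""
    version = parse_version(version_text)
    line = version[:2]
    if line in FIXED:
        # Compare only against the fix for the same release line.
        return "patched" if version >= FIXED[line] else "vulnerable"
    if line < min(FIXED):
        return "vulnerable"   # older than every listed fix
    if line > max(FIXED):
        return "patched"      # assumption: later lines ship with the fix
    return "review"           # release line the advisory does not list

def audit(inventory):
    """Map host -> (version, status) for every host that is not patched."""
    findings = {}
    for host, version_text in inventory.items():
        status = assess(version_text)
        if status != "patched":
            findings[host] = (version_text, status)
    return findings

# Constructed inventory for illustration; host names are hypothetical.
SAMPLE_INVENTORY = {
    "dev-laptop-01": "2024.3.6",
    "dev-laptop-02": "2024.3.7.1",
    "dev-laptop-03": "2025.2.6.1",
    "build-agent-01": "2026.1.1",
    "dev-laptop-04": "2023.3.8",
}

if __name__ == "__main__":
    for host, (version, status) in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {version} -> {status}")
```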
Detection coverage (2 rules)
Detect IntelliJ IDEA Process Creation with Suspicious Arguments
Severity: low. Detects IntelliJ IDEA processes spawned with command-line arguments indicative of exploitation attempts.
Detect Network Connections from IntelliJ IDEA to Uncommon Ports
Severity: medium. Detects network connections from IntelliJ IDEA processes to ports typically not associated with development activities.