Security News > 2023 > October > Ransomware gangs now exploiting critical TeamCity RCE flaw
Ransomware gangs are now targeting a recently patched critical vulnerability in JetBrains' TeamCity continuous integration and deployment server.
The flaw allows unauthenticated attackers to gain remote code execution after successfully exploiting an authentication bypass weakness in low-complexity attacks that don't require user interaction.
Swiss security firm Sonar published full technical details one week after JetBrains addressed the critical security issue with the release of TeamCity 2023.05.4 on September 21st. "This enables attackers not only to steal source code but also stored service secrets and private keys," Sonar vulnerability researcher Stefan Schiller explained.
Just days after Sonar published their blog post, multiple attackers started exploiting this critical auth bypass flaw, according to threat intelligence companies GreyNoise and PRODAFT. PRODAFT said that multiple ransomware operations have already added CVE-2023-42793 exploits to their arsenal and are using them to breach vulnerable TeamCity servers.
Hackers exploit critical Juniper RCE bug chain after PoC release.
Hackers actively exploiting Openfire flaw to encrypt servers.
News URL
Related news
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- CISA: Medusa ransomware hit over 300 critical infrastructure orgs (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-19 | CVE-2023-42793 | Missing Authentication for Critical Function vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible | 9.8 |