CVE-2025-26493

CVSS 3.1 Score 4.6 of 10 (medium)

Details

Published Feb 11, 2025

CWE ID 79

Summary

CVE-2025-26493 is a DOM-based XSS vulnerability affecting JetBrains TeamCity versions prior to 2024.12.2. This issue allows an attacker to inject malicious scripts into the Code Inspection Report tab, potentially leading to compromise of user sessions or data theft. Users are advised to upgrade to the latest version of TeamCity to mitigate this risk. The vulnerability stems from insufficient input validation in the handling of user-supplied data, enabling an attacker to manipulate the webpage and execute arbitrary code in the user's browser.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3Qepci
https://www.cve.org/CVERecord?id=CVE-2025-26493
https://nvd.nist.gov/vuln/detail/CVE-2025-26493

Back to Vulnerability Database

CVE-2025-26493

CVSS 3.1 Score 4.6 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations