CVE-2025-52875 – JetBrains TeamCity DOM-Based Cross-Site Scripting Vulnerability

Vulnerability

Patched

A DOM-based cross-site scripting vulnerability has been identified in JetBrains TeamCity versions prior to 2025.03.3. This issue occurs on the Performance Monitor page, where user input is not properly sanitized, allowing for the injection of malicious scripts that could be executed in the context of the user's browser.

Impact

Exploitation of this vulnerability allows for DOM-based cross-site scripting, where an attacker can inject and execute malicious scripts in the user's browser.

Remediation

Users can upgrade to JetBrains TeamCity version 2025.03.3 or later to address this vulnerability.

Added: Jun 23, 2025, 3:27 PM

Updated: Jun 23, 2025, 3:27 PM

Affected Products

JetBrains TeamCity

Moderate fix1 remedy

cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*

Moderate fix1 remedy

< 2025.03.3

JetBrains YouTrack

Moderate fix2 remedies

cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*

Moderate fix2 remedies

< 2025.1.76253
< 2025.1.74704

JetBrains Rider

Moderate fix1 remedy

cpe:2.3:a:jetbrains:rider:*:*:*:*:*:*:*

Moderate fix1 remedy

< 2025.1.2

JetBrains RubyMine

Moderate fix1 remedy

cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*

Moderate fix1 remedy

< 2025.1

JetBrains Toolbox App

Moderate fix1 remedy

cpe:2.3:a:jetbrains:toolbox:*:*:*:*:*:*:*

Moderate fix1 remedy

< 2.6

JetBrains IntelliJ IDEA

Moderate fix2 remedies

cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*

Moderate fix2 remedies

< 2024.3
< 2024.2.4

JetBrains Ktor

Moderate fix1 remedy

cpe:2.3:a:jetbrains:ktor:*:*:*:*:*:*:*

Moderate fix1 remedy

< 3.1.1

JetBrains dotTrace

Moderate fix3 remedies

cpe:2.3:a:jetbrains:dottrace:*:*:*:*:*:*:*

Moderate fix3 remedies

< 2024.3.4
< 2024.2.8
< 2024.1.7

JetBrains Hub

Moderate fix1 remedy

cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*

Moderate fix1 remedy

< 2024.3.55417

JetBrains WebStorm

Moderate fix1 remedy

cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*

Moderate fix1 remedy

< 2024.3

JetBrains CLion

Moderate fix1 remedy

cpe:2.3:a:jetbrains:clion:*:*:*:*:*:*:*

Moderate fix1 remedy

< 2024.3

JetBrains DataGrip

Moderate fix1 remedy

cpe:2.3:a:jetbrains:datagrip:*:*:*:*:*:*:*

Moderate fix1 remedy

< 2024.3

JetBrains DataSpell

Moderate fix1 remedy

cpe:2.3:a:jetbrains:dataspell:*:*:*:*:*:*:*

Moderate fix1 remedy

< 2024.3

JetBrains PhpStorm

Moderate fix1 remedy

cpe:2.3:a:jetbrains:phpstorm:*:*:*:*:*:*:*

Moderate fix1 remedy

< 2024.3

JetBrains PyCharm

Moderate fix1 remedy

cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*

Moderate fix1 remedy

< 2024.3

JetBrains RustRover

Moderate fix1 remedy

cpe:2.3:a:jetbrains:rustrover:*:*:*:*:*:*:*

Moderate fix1 remedy

< 2024.1.1

CVSS Scores

volerion

5.1

CVSS 4.0

5.1

Medium

volerion

5.4

CVSS 3.1

5.4

Medium

Vendor

5.4

CVSS 3.1

5.4

Medium

Click a row to open the calculator.

References

https://www.jetbrains.com/privacy-security/issues-fixed/

AdvisoryBundleVendor

Showing 1-1 of 1 references

JetBrains TeamCity DOM-Based Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

JetBrains TeamCity

JetBrains YouTrack

JetBrains Rider

JetBrains RubyMine

JetBrains Toolbox App

JetBrains IntelliJ IDEA

JetBrains Ktor

JetBrains dotTrace

JetBrains Hub

JetBrains WebStorm

JetBrains CLion

JetBrains DataGrip

JetBrains DataSpell

JetBrains PhpStorm

JetBrains PyCharm

JetBrains RustRover

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating