CVE-2025-47851 is a stored Cross-Site Scripting (XSS) vulnerability identified in JetBrains TeamCity versions prior to 2025.03.2. The vulnerability arises from improper sanitization of input data received via the GitHub Checks Webhook integration. Specifically, malicious payloads embedded in webhook data can be stored and later rendered in the TeamCity web interface without adequate escaping or validation, allowing an attacker to execute arbitrary JavaScript code in the context of a logged-in user's browser session. The vulnerability is classified under CWE-79, which pertains to improper neutralization of input during web page generation. The CVSS v3.1 base score is 4.8 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), requiring high privileges (PR:H), user interaction (UI:R), scope changed (S:C), and limited confidentiality and integrity impact (C:L/I:L) but no availability impact (A:N). Exploitation requires an attacker to have high privileges within TeamCity and to trick a user into interacting with the malicious content. No known exploits are reported in the wild as of the publication date. The vulnerability affects the TeamCity product, a continuous integration and build management system widely used in software development environments to automate build, test, and deployment workflows. The flaw specifically targets the GitHub Checks Webhook feature, which integrates GitHub status checks into TeamCity pipelines. This vulnerability could allow an attacker with sufficient privileges to inject malicious scripts that execute in the browsers of other users viewing the affected interface, potentially leading to session hijacking, credential theft, or unauthorized actions within the TeamCity environment. The scope change in the CVSS vector indicates that the vulnerability can affect resources beyond the initially vulnerable component, potentially impacting the broader system or other users. The requirement for high privileges and user interaction reduces the likelihood of widespread exploitation but does not eliminate risk in environments where multiple users have elevated access and interact with the system regularly.

For European organizations using JetBrains TeamCity, this vulnerability poses a moderate risk primarily to the confidentiality and integrity of their build and deployment pipelines. Successful exploitation could allow attackers to execute malicious scripts in the browsers of users with access to TeamCity, potentially leading to session hijacking, unauthorized access to sensitive build data, or manipulation of build results. This could disrupt software development workflows, introduce malicious code into software releases, or leak proprietary information. Given that TeamCity is often integrated into critical DevOps processes, any compromise could have downstream effects on software supply chain security. The requirement for high privileges to exploit the vulnerability limits exposure to insider threats or attackers who have already gained elevated access. However, in large organizations with multiple administrators or developers with elevated rights, the risk remains significant. Additionally, the need for user interaction means that social engineering or phishing tactics might be used to trigger the exploit. European organizations with strict data protection regulations (e.g., GDPR) must consider the potential for data leakage or unauthorized access as a compliance risk. The vulnerability does not directly impact availability, so service disruption is less likely, but the integrity and confidentiality concerns could have serious operational and reputational consequences.

1. Upgrade TeamCity to version 2025.03.2 or later, where this vulnerability has been addressed. Applying the official patch is the most effective mitigation. 2. Restrict the number of users with high privileges in TeamCity to the minimum necessary, enforcing the principle of least privilege to reduce the attack surface. 3. Implement strict input validation and output encoding on any custom integrations or plugins interacting with GitHub webhooks to prevent injection of malicious scripts. 4. Monitor webhook payloads and logs for unusual or suspicious content that could indicate attempted exploitation. 5. Educate users with access to TeamCity about the risks of interacting with unexpected or suspicious content within the platform to reduce the risk of social engineering. 6. Consider isolating TeamCity instances or restricting access to trusted networks and users to limit exposure. 7. Employ Content Security Policy (CSP) headers in the TeamCity web interface to mitigate the impact of XSS by restricting the execution of unauthorized scripts. 8. Regularly audit and review TeamCity user permissions and webhook configurations to ensure they follow security best practices.