CVE-2025-47854 is an open redirect vulnerability identified in JetBrains TeamCity, a popular continuous integration and build management system used by development teams to automate software builds and deployments. This vulnerability affects versions of TeamCity prior to 2025.03.2 and is classified under CWE-601, which pertains to improper redirection or forwarding. The issue occurs specifically on the editing VCS (Version Control System) Root page, where an attacker can craft a malicious URL that causes the application to redirect users to an arbitrary external site. The vulnerability has a CVSS v3.1 base score of 4.3, indicating a medium severity level. The vector string (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) shows that the attack can be performed remotely over the network without privileges, requires user interaction (clicking the malicious link), and impacts confidentiality to a limited extent by potentially exposing users to phishing or credential theft via redirection. There is no impact on integrity or availability. No known exploits are currently reported in the wild, and no official patches have been linked yet, though the vulnerability is publicly disclosed and tracked by JetBrains and CISA. The vulnerability arises due to insufficient validation or sanitization of redirect URLs on the VCS Root editing interface, allowing attackers to manipulate the redirect target parameter to arbitrary external domains.

For European organizations using JetBrains TeamCity, this vulnerability poses a moderate risk primarily related to phishing and social engineering attacks. Attackers could exploit the open redirect to craft URLs that appear to originate from a trusted internal TeamCity instance but redirect users to malicious websites designed to steal credentials or deliver malware. This can undermine user trust in internal development tools and potentially lead to credential compromise if users are tricked into entering sensitive information on attacker-controlled sites. While the vulnerability does not directly compromise the integrity or availability of TeamCity or the build pipeline, successful exploitation could facilitate further attacks by harvesting credentials or delivering payloads through redirected links. Organizations with large development teams or those relying heavily on TeamCity for CI/CD pipelines may face increased risk of targeted phishing campaigns leveraging this vulnerability. The impact is more pronounced in environments where users have elevated access or where TeamCity is exposed beyond internal networks, such as in hybrid or cloud deployments.

To mitigate this vulnerability, European organizations should prioritize upgrading JetBrains TeamCity to version 2025.03.2 or later once the patch is available. Until then, administrators can implement strict URL validation and filtering on the VCS Root editing page to ensure redirect URLs are limited to trusted internal domains only. Network-level controls such as web application firewalls (WAFs) can be configured to detect and block suspicious redirect patterns. User awareness training should emphasize caution when clicking on links purportedly from TeamCity, especially those received via email or external sources. Additionally, organizations should audit their TeamCity instance access controls to restrict exposure to trusted users and networks, minimizing the attack surface. Monitoring logs for unusual redirect requests or user complaints about suspicious redirects can help detect attempted exploitation. Finally, integrating multi-factor authentication (MFA) for TeamCity access can reduce the impact of credential theft resulting from phishing attempts leveraging this vulnerability.