
CVE-2025-67741: CWE-79 in JetBrains TeamCity

Medium
Published: Thu Dec 11 2025 (12/11/2025, 15:19:06 UTC)
Source: CVE Database V5
Vendor/Project: JetBrains
Product: TeamCity

Description

In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute

AI-Powered Analysis

Last updated: 12/11/2025, 15:54:05 UTC

Technical Analysis

CVE-2025-67741 is a stored cross-site scripting (XSS) vulnerability, classified as CWE-79, affecting JetBrains TeamCity versions before 2025.11. The advisory attributes it to a session attribute whose value is not adequately sanitized before it is rendered: an attacker who already holds an account (PR:L) can store script in that attribute, and the script later executes in the browsers of other users who view the page that renders it. The attack vector is network-based (AV:N) and requires user interaction (UI:R); for stored XSS that interaction is normally just viewing the affected page, not clicking an attacker-supplied link. Script running as the victim can read whatever the victim's browser can read and act with the victim's permissions in TeamCity, so the impact is to confidentiality and integrity; availability is not affected. The page reports a CVSS 3.1 base score of 4.8 (medium). Note that the metrics listed here (AV:N, PR:L, UI:R, low confidentiality and integrity impact, no availability impact) compute to 4.6 with unchanged scope or 5.4 with changed scope under CVSS 3.1; a base score of 4.8 for this impact profile corresponds to a high-privilege (PR:H), changed-scope vector, so check the vector string in the CVE record before relying on the stated privilege level. No public exploit is known at the time of writing. The record carries no patch link, but the affected range "before 2025.11" identifies 2025.11 as the first fixed release. Because TeamCity sits in build and deployment pipelines, script executing in an administrator's session could alter build configurations or read data the administrator can see, turning a medium-severity XSS into a software supply-chain compromise.
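The following added example, which is not TeamCity source and not part of the original advisory, illustrates the CWE-79 pattern the analysis describes: a value stored by one user is rendered into another user's page. The field name "displayName", the template fragments and the payload are constructed for the illustration; the hardened form encodes for the HTML attribute context, and a parser shows what a browser would actually see in each case.

```python
"""Vulnerable-versus-hardened rendering of a stored, user-controlled value.

Added illustration of the CWE-79 pattern; this is not TeamCity source.
The field name "displayName", the template fragments and the payload are
constructed for the example.
"""
from html import escape
from html.parser import HTMLParser

# Constructed payload: closes the value attribute, then adds an event
# handler that runs as soon as the field gains focus.
PAYLOAD = '" autofocus onfocus="alert(document.cookie)'


def render_unsafe(stored_value: str) -> str:
    """Vulnerable pattern: the stored value is concatenated into markup verbatim."""
    return f'<input name="displayName" value="{stored_value}">'


def render_safe(stored_value: str) -> str:
    """Hardened pattern: encode for the HTML attribute context.

    quote=True makes escape() replace both quote characters as well as
    &, < and >, which is what an attribute value needs.
    """
    return f'<input name="displayName" value="{escape(stored_value, quote=True)}">'


class _InputAttrs(HTMLParser):
    """Collects the attributes a browser would see on the <input> element."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            # HTMLParser decodes entities in attribute values, as a browser does.
            self.attrs = dict(attrs)


def parsed_input_attributes(markup: str) -> dict:
    """Parse the markup the way a browser would and return the <input> attributes."""
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


if __name__ == "__main__":
    for label, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        attrs = parsed_input_attributes(render(PAYLOAD))
        print(f"{label}: onfocus handler present = {'onfocus' in attrs}; "
              f"value seen by browser = {attrs.get('value')!r}")
```

In the unsafe rendering the parser reports an onfocus attribute on the element, which is the injected handler; in the safe rendering the whole payload survives only as the text of the value attribute, so nothing executes. Encoding has to match the output context: the same value placed inside a script block or a URL would need a different encoder.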

Potential Impact

For European organizations, this vulnerability poses a risk primarily to the confidentiality and integrity of development and deployment environments. Successful exploitation could allow attackers to execute arbitrary scripts within the TeamCity web interface, potentially leading to session hijacking, theft of sensitive build information, or unauthorized modifications to build configurations. This could disrupt software supply chains, leading to compromised software artifacts or leakage of proprietary code. While availability is not directly impacted, the indirect effects on development workflows and trust in build integrity could be significant. Organizations heavily reliant on TeamCity for continuous integration and deployment, especially those in regulated industries or with critical software assets, face increased risk. The medium severity suggests that while immediate widespread exploitation is unlikely, targeted attacks against high-value development environments are plausible.

Mitigation Recommendations

1. Upgrade TeamCity to 2025.11 or later; the affected range "before 2025.11" identifies that release as the first fixed one. Verify the running version afterwards (it is shown in the Administration UI and reported by the REST resource /app/rest/server).
2. Sanitizing the session attribute is a change inside TeamCity's own code and cannot be applied by operators, so until the upgrade is done, treat the remaining items as compensating controls rather than as a substitute fix.
3. If TeamCity is fronted by a reverse proxy, do not add a Content Security Policy header that duplicates or conflicts with one the server already sends, and test any policy against the full web UI first: a policy that blocks TeamCity's own scripts breaks the interface, while one that allows 'unsafe-inline' in script-src offers no protection against XSS.
4. Apply least privilege. Injected script runs with the permissions of whoever views the page, so keep the set of administrators small, review project and global roles, and remove accounts that no longer need access; the attacker also needs an account of their own (PR:L), so tight account hygiene raises the bar on both sides.
5. Monitor TeamCity's server logs and audit log for unexpected changes to build configurations, project settings, user roles and access tokens, and for user-editable values containing markup such as <script or on...= event handlers.
6. Tell users what a stored XSS looks like from their side: because the payload fires when a page is viewed rather than when a link is clicked, caution with links is of limited help, but unexpected prompts, redirects or setting changes inside TeamCity should be reported immediately.
7. Restrict access to the TeamCity web interface to trusted networks or a VPN and enforce strong authentication, so that obtaining the account the attack requires is harder.
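As an added example (not a JetBrains tool, and not part of the original advisory), the following script performs the version check from item 1 against the REST resource GET <server>/app/rest/server, which reports versionMajor and versionMinor attributes. SAMPLE_RESPONSE is a constructed response so the script runs offline; the server URL and access token in the usage block are placeholders.

```python
"""Decide whether a TeamCity server predates the 2025.11 fix.

Added example, not a JetBrains tool. It reads the versionMajor and
versionMinor attributes of the XML returned by GET /app/rest/server.
SAMPLE_RESPONSE is a constructed response for offline use; the URL and
token used in the live check are placeholders.
"""
import xml.etree.ElementTree as ET
from urllib.request import Request, urlopen

# First release the advisory lists as not affected ("before 2025.11").
FIXED_VERSION = (2025, 11)

# Constructed sample of the XML the endpoint returns (values are made up).
SAMPLE_RESPONSE = (
    '<server version="2025.07.3 (build 00000)" versionMajor="2025" '
    'versionMinor="7" buildNumber="00000"/>'
)


def parse_server_version(xml_text: str) -> tuple:
    """Return (major, minor) from the /app/rest/server XML document."""
    root = ET.fromstring(xml_text)
    if root.tag != "server":
        raise ValueError(f"unexpected root element {root.tag!r}")
    return int(root.attrib["versionMajor"]), int(root.attrib["versionMinor"])


def is_affected(version: tuple) -> bool:
    """True when the server version sorts before the first fixed release.

    Tuple comparison handles the year rollover (2024.12 < 2025.11) and
    bugfix releases (2025.11.x still reports versionMinor 11).
    """
    return tuple(version[:2]) < FIXED_VERSION


def fetch_server_version(base_url: str, token: str) -> tuple:
    """Query a live server using a TeamCity access token (Bearer auth)."""
    req = Request(
        f"{base_url.rstrip('/')}/app/rest/server",
        headers={"Authorization": f"Bearer {token}", "Accept": "application/xml"},
    )
    with urlopen(req, timeout=15) as resp:
        return parse_server_version(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Offline demonstration on the constructed sample.
    major, minor = parse_server_version(SAMPLE_RESPONSE)
    print(f"sample server reports {major}.{minor:02d}; "
          f"affected by CVE-2025-67741 = {is_affected((major, minor))}")
    # Live check against a real server (placeholder URL and token):
    # print(is_affected(fetch_server_version("https://teamcity.example.internal", "TOKEN")))
```

Run it per server from a host that can reach the web UI; a result of True means the instance is inside the affected range and should be scheduled for the upgrade in item 1.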


Technical Details

Data Version
5.2
Assigner Short Name
JetBrains
Date Reserved
2025-12-11T14:31:21.679Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 693ae5917d4c6f31f7b66ffa

Added to database: 12/11/2025, 3:38:57 PM

Last enriched: 12/11/2025, 3:54:05 PM

Last updated: 12/12/2025, 3:03:49 AM


