CVE-2025-68163 is a stored Cross-Site Scripting (XSS) vulnerability identified in JetBrains TeamCity, a popular continuous integration and build management system. The vulnerability exists on the agentpushInstall page in versions prior to 2025.11. Stored XSS occurs when malicious input is saved by the application and later rendered in a way that executes scripts in the browsers of other users. In this case, an attacker with high privileges (PR:H) and requiring user interaction (UI:R) can inject malicious JavaScript code that will execute when other users access the affected page. The CVSS vector indicates the attack can be performed remotely over the network (AV:N) with low attack complexity (AC:L), but requires authentication and user interaction, limiting the attack surface. The impact on confidentiality and integrity is low (C:L, I:L), with no impact on availability (A:N). This vulnerability could allow attackers to steal session tokens, perform actions on behalf of users, or manipulate the user interface, potentially leading to further exploitation within the CI/CD environment. No public exploits are known at this time, and JetBrains has not yet released a patch. The vulnerability is classified under CWE-79, which covers improper neutralization of input leading to XSS.

For European organizations, the impact of CVE-2025-68163 is primarily on the security of development pipelines and build environments. Compromise of TeamCity through stored XSS could allow attackers to hijack user sessions, escalate privileges, or inject malicious code into build processes, potentially leading to supply chain attacks or unauthorized access to sensitive source code and build artifacts. Although the severity is low, organizations with critical software development operations could face reputational damage, intellectual property theft, or disruption of development workflows. The requirement for high privileges and user interaction reduces the likelihood of widespread exploitation, but insider threats or compromised credentials could increase risk. Organizations in sectors such as finance, telecommunications, and technology in Europe, which rely heavily on CI/CD tools, may be particularly concerned about this vulnerability.

To mitigate CVE-2025-68163, European organizations should implement the following specific measures: 1) Restrict access to the agentpushInstall page to only trusted administrators and users with a legitimate need, minimizing exposure. 2) Enforce strong authentication and session management policies to reduce the risk of credential compromise. 3) Monitor TeamCity logs and user activity for unusual behavior indicative of attempted exploitation. 4) Educate administrators and users about the risks of stored XSS and the importance of cautious interaction with potentially untrusted inputs. 5) Apply input validation and output encoding controls where possible within custom TeamCity configurations or plugins. 6) Stay informed about JetBrains security advisories and apply patches promptly once released. 7) Consider deploying Web Application Firewalls (WAFs) with rules to detect and block XSS payloads targeting TeamCity endpoints. 8) Regularly audit and update TeamCity instances to the latest secure versions to minimize exposure to known vulnerabilities.