
CVE-2025-68166: CWE-79 in JetBrains TeamCity

Severity: Medium
Tags: Vulnerability, CVE-2025-68166, CWE-79
Published: Tue Dec 16 2025 (12/16/2025, 15:27:30 UTC)
Source: CVE Database V5
Vendor/Project: JetBrains
Product: TeamCity

Description

CVE-2025-68166 is a medium-severity DOM-based Cross-Site Scripting (XSS) vulnerability affecting JetBrains TeamCity versions prior to 2025.11. The flaw exists on the OAuth connections tab, where untrusted input is improperly handled, allowing an attacker to execute arbitrary scripts in the context of the victim's browser. Exploitation requires user interaction but no authentication, and can lead to limited confidentiality and integrity impacts without affecting availability. No known exploits are currently reported in the wild. European organizations using TeamCity for continuous integration and deployment could face targeted attacks leveraging this vulnerability, especially those with public-facing or internally accessible TeamCity instances. Mitigation involves updating to the fixed version 2025.11 once available and implementing strict input validation and Content Security Policies. Countries with significant software development sectors and high adoption of JetBrains tools, such as Germany, France, and the UK, are most likely to be affected. Given the medium CVSS score of 5.

AI-Powered Analysis

Last updated: 12/23/2025, 15:59:21 UTC

Technical Analysis

CVE-2025-68166 is a DOM-based Cross-Site Scripting (XSS) vulnerability identified in JetBrains TeamCity, a popular continuous integration and deployment server. The vulnerability specifically affects versions prior to 2025.11 and is located on the OAuth connections tab within the TeamCity web interface. DOM-based XSS occurs when client-side scripts write untrusted data to the Document Object Model without proper sanitization, enabling attackers to inject malicious JavaScript code that executes in the context of the victim's browser session. This flaw does not require authentication, meaning any user who can access the OAuth connections tab can potentially trigger the vulnerability, although user interaction is necessary to exploit it. The CVSS v3.1 base score is 5.4 (medium), reflecting a network attack vector with low complexity and no privileges required, but requiring user interaction. The impact includes limited confidentiality and integrity compromise, such as theft of session tokens or manipulation of client-side data, but does not affect system availability. No public exploits or active exploitation have been reported to date. The vulnerability highlights the importance of secure coding practices in web interfaces, particularly those handling OAuth and authentication-related features. JetBrains has reserved the CVE and is expected to release a patch in version 2025.11. Until then, affected users should apply mitigations to reduce risk.

Potential Impact

For European organizations, the impact of CVE-2025-68166 can range from unauthorized disclosure of sensitive information to manipulation of user sessions within TeamCity environments. Since TeamCity is widely used in software development pipelines, exploitation could allow attackers to hijack developer sessions, potentially leading to further attacks such as code injection or unauthorized access to build artifacts. Although availability is not impacted, the integrity and confidentiality of development workflows could be compromised, affecting software supply chain security. Organizations with publicly accessible or poorly segmented TeamCity servers are at higher risk. The medium severity indicates that while the vulnerability is not critical, it can serve as an entry point for more sophisticated attacks if combined with other vulnerabilities or social engineering. Given the reliance on continuous integration tools in European tech sectors, this vulnerability could disrupt development operations and erode trust in software integrity if exploited.

Mitigation Recommendations

1. Upgrade JetBrains TeamCity to version 2025.11 or later as soon as the patch is released to ensure the vulnerability is fully remediated.
2. Until patching is possible, restrict access to the TeamCity web interface, especially the OAuth connections tab, using network segmentation, VPNs, or IP whitelisting to limit exposure.
3. Implement strict Content Security Policies (CSP) in the TeamCity web server configuration to reduce the risk of script injection and execution.
4. Conduct a thorough review of custom plugins or integrations that interact with the OAuth connections tab to ensure they do not introduce additional XSS risks.
5. Educate users about the risks of clicking on suspicious links or interacting with untrusted content within TeamCity interfaces.
6. Monitor logs and user activity for unusual behavior indicative of attempted exploitation.
7. Employ web application firewalls (WAFs) with rules targeting DOM-based XSS patterns to provide an additional layer of defense.
8. Regularly audit and sanitize all user inputs and outputs related to OAuth and authentication features in TeamCity.


Technical Details

Data Version: 5.2
Assigner Short Name: JetBrains
Date Reserved: 2025-12-16T11:54:40.622Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69417c3609f61faec5950783

Added to database: 12/16/2025, 3:35:18 PM

Last enriched: 12/23/2025, 3:59:21 PM

Last updated: 2/5/2026, 7:13:57 PM

