VDB

CVE-2025-23363

CVE-2025-23363 PUBLISHED CVSS 7.400000095367432 HIGH

A vulnerability has been identified in Teamcenter (All versions < V14.3.0.0). The SSO login service of affected applications accepts user-controlled input that could specify a link to an external site. This could allow an attacker to redirect the legitimate user to an attacker-chosen URL to steal valid session data. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.

EPSS 0.41% · 61.8th percentile

Risk Scores

CVSS 3.1
7.400000095367432
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
EPSS Score
0.41%
61.8th percentile

Affected Products

VendorProductVersions
SiemensTeamcenter V14.20
SiemensTeamcenter V14.10
SiemensTeamcenter V24120
SiemensTeamcenter V14.30
SiemensTeamcenter V23120
siemensteamcenter14.2, 14.3, 2312.0
SiemensTeamcenter V24060

Timeline

  • Feb 11, 2025 CVE Published
  • Feb 11, 2025 PoC Published
  • Feb 11, 2025 PoC Published
  • Feb 11, 2025 PoC Published
  • Feb 11, 2025 PoC Published
  • Feb 11, 2025 PoC Published
  • Feb 12, 2025 EPSS Score
  • Feb 13, 2025 PoC Published
  • Feb 25, 2025 PoC Published
  • Feb 27, 2025 EPSS Score
  • Feb 27, 2025 PoC Published
  • Mar 2, 2025 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›