CVE-2025-23363 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-23363 PUBLISHED CVSS 7.400000095367432 HIGH

A vulnerability has been identified in Teamcenter (All versions < V14.3.0.0). The SSO login service of affected applications accepts user-controlled input that could specify a link to an external site. This could allow an attacker to redirect the legitimate user to an attacker-chosen URL to steal valid session data. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.

EPSS 0.27% · 50.5th percentile

Risk Scores

CVSS v3.1

7.400000095367432

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

EPSS Score

0.27%

50.5th percentile

Affected Products

Vendor	Product	Versions
Siemens	Teamcenter V14.2	0
Siemens	Teamcenter V14.1	0
Siemens	Teamcenter V2412	0
Siemens	Teamcenter V14.3	0
Siemens	Teamcenter V2312	0
siemens	teamcenter	14.1, 14.2, 14.3
Siemens	Teamcenter V2406	0

Timeline

Jan 14, 2025 CVE ID Reserved
Feb 11, 2025 CVE Published
Feb 11, 2025 PoC Published
Feb 11, 2025 PoC Published
Feb 11, 2025 PoC Published
Feb 11, 2025 PoC Published
Feb 11, 2025 PoC Published
Feb 12, 2025 EPSS Score
Feb 13, 2025 PoC Published
Feb 25, 2025 PoC Published
Feb 26, 2025 EPSS Score
Feb 27, 2025 PoC Published

References

Open in Interactive Console →