CVE-2025-46618: 
JetBrains TeamCity vulnerability analysis and mitigation

A stored Cross-Site Scripting (XSS) vulnerability was discovered in JetBrains TeamCity versions prior to 2025.03.1. The vulnerability, identified as CVE-2025-46618, was found specifically on the Data Directory tab of the application. The issue was discovered and reported on April 25, 2025 (CVE Details, JetBrains Issues).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) with a CVSS v3.1 Base Score of 3.5 (LOW). The attack vector is characterized by CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N, indicating that it requires network access, has low attack complexity, requires high privileges, and needs user interaction for successful exploitation (CVE Details).

When successfully exploited, this vulnerability could enable attackers to execute malicious scripts within the context of other users' browsers who access the Data Directory tab. This could potentially lead to the theft of sensitive information or manipulation of the displayed content (Wiz).

The vulnerability has been addressed and patched in TeamCity version 2025.03.1. Users are strongly advised to upgrade to this version or later to mitigate the security risk (JetBrains Issues).