CVE-2025-47852: 
JetBrains TeamCity vulnerability analysis and mitigation

A stored Cross-Site Scripting (XSS) vulnerability was identified in JetBrains TeamCity versions prior to 2025.03.2, specifically affecting the YouTrack integration functionality. The vulnerability was discovered and reported by Alex Williams from Converge Technology Solutions, and was assigned CVE-2025-47852 on May 12, 2025 (CVE Details, NVD).

The vulnerability has been assigned CWE-79 (Improper Neutralization of Input During Web Page Generation), commonly known as Cross-site Scripting. According to the CVSS 3.1 scoring system, it received a base score of 4.8 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, high privileges, and user interaction to exploit (NVD).

The vulnerability could potentially allow attackers to execute stored XSS attacks through the YouTrack integration feature, potentially leading to unauthorized access to sensitive information and possible manipulation of web content. The CVSS scoring indicates low impacts on both confidentiality and integrity, with no impact on availability (NVD).

The vulnerability has been patched in JetBrains TeamCity version 2025.03.2. Users are advised to upgrade to this version or later to mitigate the risk (JetBrains Security).