CVE-2025-23363
published 2025-02-11


Priority: P341 | Severity: high, 7.4 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:H / I:N / A:N
EPSS: 0.52% (40.0th percentile)

A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versions), Teamcenter V14.3 (All versions < V14.3.0.14), Teamcenter V2312 (All versions < V2312.0010), Teamcenter V2406 (All versions < V2406.0008), Teamcenter V2412 (All versions < V2412.0004). The SSO login service of affected applications accepts user-controlled input that could specify a link to an external site. This could allow an attacker to redirect the legitimate user to an attacker-chosen URL to steal valid session data. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.

Affected

12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | teamcenter | | |
| siemens | teamcenter | | |
| siemens | teamcenter | >= 14.3 < 14.3.0.14 | 14.3.0.14 |
| siemens | teamcenter | >= 2312.0 < 2312.0010 | 2312.0010 |
| siemens | teamcenter | >= 2406.0 < 2406.0008 | 2406.0008 |
| siemens | teamcenter | >= 2412.0 < 2412.0004 | 2412.0004 |
| siemens | teamcenter_v14.1 | < * | * |
| siemens | teamcenter_v14.2 | < * | * |
| siemens | teamcenter_v14.3 | < V14.3.0.14 | V14.3.0.14 |
| siemens | teamcenter_v2312 | < V2312.0010 | V2312.0010 |
| siemens | teamcenter_v2406 | < V2406.0008 | V2406.0008 |
| siemens | teamcenter_v2412 | < V2412.0004 | V2412.0004 |

CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.4 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N |
| nvd | v4.0 | 6.1 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |