CVE-2025-23363
Published 2025-02-11
Priority P3 · 41 · high · 7.4 · CVSS 3.1
AV:N AC:L PR:N UI:R S:C C:H I:N A:N
EPSS 0.52% (40.0th percentile)
A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versions), Teamcenter V14.3 (All versions < V14.3.0.14), Teamcenter V2312 (All versions < V2312.0010), Teamcenter V2406 (All versions < V2406.0008), Teamcenter V2412 (All versions < V2412.0004). The SSO login service of affected applications accepts user-controlled input that could specify a link to an external site. This could allow an attacker to redirect the legitimate user to an attacker-chosen URL to steal valid session data. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | teamcenter | — | — |
| siemens | teamcenter | — | — |
| siemens | teamcenter | >= 14.3 < 14.3.0.14 | 14.3.0.14 |
| siemens | teamcenter | >= 2312.0 < 2312.0010 | 2312.0010 |
| siemens | teamcenter | >= 2406.0 < 2406.0008 | 2406.0008 |
| siemens | teamcenter | >= 2412.0 < 2412.0004 | 2412.0004 |
| siemens | teamcenter_v14.1 | < * | * |
| siemens | teamcenter_v14.2 | < * | * |
| siemens | teamcenter_v14.3 | < V14.3.0.14 | V14.3.0.14 |
| siemens | teamcenter_v2312 | < V2312.0010 | V2312.0010 |
| siemens | teamcenter_v2406 | < V2406.0008 | V2406.0008 |
| siemens | teamcenter_v2412 | < V2412.0004 | V2412.0004 |
CVSS provenance
nvd · v3.1 · 7.4 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
nvd · v4.0 · 6.1 · MEDIUM · CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
GHSA
ghsa_unreviewed·2025-02-11
CVE-2025-23363 [MEDIUM] CWE-601 GHSA-8gh5-x56f-9qh9: A vulnerability has been identified in Teamcenter (All versions < V14
A vulnerability has been identified in Teamcenter (All versions < V14.3.0.0). The SSO login service of affected applications accepts user-controlled input that could specify a link to an external site. This could allow an attacker to redirect the legitimate user to an attacker-chosen URL to steal valid session data. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.
CISA ICS
Siemens Teamcenter
cisa_ics·2025-02-13·CVSS 6.1
[MEDIUM] Siemens Teamcenter
ICS Advisory
## Siemens Teamcenter
Release Date: February 13, 2025
Alert Code: ICSA-25-044-07
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.4
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Teamcenter
- Vulnerability: URL Redirection to Untrusted Site ('Open Redirect')
## 2. RISK EVALUATION
Successful exploitation of this vu