Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-23363

A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versions), Teamcenter V14.3 (All versions < V14.3.0.14), Teamcenter V2312 (All versions < V2312.0010), Teamcenter V2406 (All versions < V2406.0008), Teamcenter V2412 (All versions < V2412.0004). The SSO login service of affected applications accepts user-controlled input that could specify a link to an external site. This could allow an attacker to redirect the legitimate user to an attacker-chosen URL to steal valid session data. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.

Published

2025-02-11T11:15:16.250

Last Modified

2025-09-24T00:58:03.703

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.4 (HIGH)

Weaknesses

Type: Secondary
CWE-601

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	teamcenter	< 14.3.0.14	Yes
Application	siemens	teamcenter	< 2312.0010	Yes
Application	siemens	teamcenter	< 2406.0008	Yes
Application	siemens	teamcenter	< 2412.0004	Yes
Application	siemens	teamcenter	14.1	Yes
Application	siemens	teamcenter	14.2	Yes

References

https://cert-portal.siemens.com/productcert/html/ssa-656895.html Vendor Advisory ([email protected])