CVEFinder.io

CVE-2025-23363

⚠️ high
🔍 Scan for this CVE
Summary

A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versions), Teamcenter V14.3 (All versions < V14.3.0.14), Teamcenter V2312 (All versions < V2312.0010), Teamcenter V2406 (All versions < V2406.0008), Teamcenter V2412 (All versions < V2412.0004). The SSO login service of affected applications accepts user-controlled input that could specify a link to an external site. This could allow an attacker to redirect the legitimate user to an attacker-chosen URL

Description

A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versions), Teamcenter V14.3 (All versions < V14.3.0.14), Teamcenter V2312 (All versions < V2312.0010), Teamcenter V2406 (All versions < V2406.0008), Teamcenter V2412 (All versions < V2412.0004). The SSO login service of affected applications accepts user-controlled input that could specify a link to an external site. This could allow an attacker to redirect the legitimate user to an attacker-chosen URL to steal valid session data. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.

CVSS Score
7.4
High
EPSS Score
0.1
Exploit Probability
Published Date
2025-02-11
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 57.0% of all 321,566 vulnerabilities in our database.

#138,194
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Feb 11, 2025
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2025-09-24
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CVSS Vector 4.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)
CWE-601

📦 Affected Products 6

Vendor Product Status Affected Versions
siemens teamcenter Affected
≥ 14.3 < 14.3.0.14
siemens teamcenter Affected
≥ 2312.0 < 2312.0010
siemens teamcenter Affected
≥ 2406.0 < 2406.0008
siemens teamcenter Affected
≥ 2412.0 < 2412.0004
siemens teamcenter Affected
v14.1
siemens teamcenter Affected
v14.2

🔗 References 1

https://cert-portal.siemens.com/productcert/html/ssa...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-33862 ⚠️ high 7.3 0.0 A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2... 2026-05-12
CVE-2026-33893 ⚠️ high 7.5 0.1 A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2... 2026-05-12
CVE-2022-34660 ⛔ critical 9.8 0.9 A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V1... 2022-08-10
CVE-2022-34661 ⚠️ high 7.5 0.4 A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V1... 2022-08-10
CVE-2022-31619 ⚠️ high 8.8 1.2 A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V1... 2022-06-14
CVE-2022-24290 ⚠️ high 7.5 0.8 A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V1... 2022-05-20
These CVEs affect the same products