CVE-2025-23363

7.4 HIGH

📋 TL;DR

This CVE describes an open redirect vulnerability in the SSO login service of Siemens Teamcenter across multiple versions. An attacker can craft links that redirect legitimate users from the login service to an external site, potentially capturing valid session data. Every organization running a vulnerable Teamcenter version is affected whenever one of its users follows an attacker-supplied link.

💻 Affected Systems

Products:
  • Siemens Teamcenter
Versions: Teamcenter V14.1 (All versions), V14.2 (All versions), V14.3 (All versions < V14.3.0.14), V2312 (All versions < V2312.0010), V2406 (All versions < V2406.0008), V2412 (All versions < V2412.0004)
Operating Systems: Not specified - likely all supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All affected versions in default configuration are vulnerable. The vulnerability is in the SSO login service component.

📦 What is this software?

Siemens Teamcenter is a product lifecycle management (PLM) suite used to manage engineering and product data. The affected component is its SSO login service, which redirects users after authentication.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Session hijacking leading to unauthorized access to Teamcenter systems, data theft, and potential lateral movement within the network.

🟠

Likely Case

Credential theft or session compromise for individual users who click malicious links, potentially leading to unauthorized access to their Teamcenter accounts.

🟢

If Mitigated

Minimal impact if users are trained not to click suspicious links and proper URL validation is implemented.

🌐 Internet-Facing: HIGH - The vulnerability requires user interaction but can be exploited via phishing emails or malicious websites targeting internet-facing Teamcenter instances.
🏢 Internal Only: MEDIUM - Internal phishing campaigns could still exploit this, but requires internal network access or compromised internal accounts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (clicking malicious link) and knowledge of the Teamcenter instance URL. No authentication bypass is needed to craft the malicious link.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V14.3.0.14, V2312.0010, V2406.0008, V2412.0004 or later

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-656895.html

Restart Required: No

Instructions:

1. Identify your Teamcenter version.
2. Download and apply the appropriate patch from the Siemens support portal.
3. Verify the patch installation.
4. Test SSO functionality after patching.

🔧 Temporary Workarounds

Input Validation Enhancement

Applies to: all

Implement server-side validation to reject URLs with external domains in SSO login parameters.

Caveat: Configuration dependent - consult Siemens documentation for custom validation rules.
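The check the workaround describes, as an added illustration and not Siemens code: a redirect-target validator that accepts only local paths and allowlisted hosts and handles the usual open-redirect edge cases (scheme-relative `//host`, backslashes, userinfo `@`, control characters). The hostname `teamcenter.example.com` and the parameter handling are assumptions; Teamcenter's real SSO parameter names are not given on this page.

```python
from urllib.parse import urlsplit

# Hosts the SSO service may send a browser back to.
# Constructed example value, not a real Teamcenter hostname.
ALLOWED_HOSTS = {"teamcenter.example.com"}


def safe_redirect_target(target: str, allowed_hosts=ALLOWED_HOSTS, default: str = "/") -> str:
    """Return `target` if it is a same-site redirect, otherwise `default`.

    Accepts only local paths (exactly one leading slash) and absolute
    http(s) URLs whose host is on the allowlist. Everything else, including
    scheme-relative (//host), backslash and userinfo (@) tricks, falls back.
    """
    if not target:
        return default
    # Browsers treat '\' like '/' and tolerate surrounding whitespace;
    # normalise first so the check sees what the browser will see.
    t = target.strip().replace("\\", "/")
    # Embedded control characters enable header injection; reject outright.
    if any(ord(c) < 0x20 or c == "\x7f" for c in t):
        return default
    try:
        parts = urlsplit(t)
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    if parts.scheme == "" and parts.netloc == "":
        # Local path: must start with exactly one '/', because '//host'
        # and '///host' resolve to an external origin in browsers.
        if t.startswith("/") and not t.startswith("//"):
            return t
        return default
    if parts.scheme.lower() not in ("http", "https"):
        return default  # javascript:, data:, etc.
    host = (parts.hostname or "").lower()
    if "@" in parts.netloc or host not in {h.lower() for h in allowed_hosts}:
        return default
    return t
```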

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block redirects to external domains from SSO endpoints
  • User awareness training about phishing risks and not clicking suspicious Teamcenter links

🔍 How to Verify

Check if Vulnerable:

Check Teamcenter version against affected versions list. Test SSO endpoint with external URL parameter to see if redirect occurs.

Check Version:

Check Teamcenter administration console or consult Siemens documentation for version checking commands specific to your deployment.

Verify Fix Applied:

After patching, attempt to trigger the redirect with external URL parameters - should be blocked or sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual redirect patterns in SSO logs
  • Multiple failed redirect attempts with external domains
  • User complaints about unexpected redirects

Network Indicators:

  • Outbound connections from Teamcenter server to unexpected external domains following SSO requests

SIEM Query:

source="teamcenter" AND (url_contains="redirect" OR url_contains="sso") AND dest_domain NOT IN (allowed_domains)
