CVE-2025-54534

4.8 MEDIUM

📋 TL;DR

This vulnerability allows reflected cross-site scripting (XSS) attacks on JetBrains TeamCity's agentpushPreset page. Attackers can inject malicious scripts that execute in users' browsers when they visit specially crafted URLs. Organizations running vulnerable TeamCity versions are affected.

💻 Affected Systems

Products:
  • JetBrains TeamCity
Versions: All versions before 2025.07
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: The agentpushPreset page must be accessible to users for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator session cookies, perform actions as authenticated users, or redirect users to malicious sites.

🟠

Likely Case

Attackers could steal user session tokens or credentials through phishing links targeting TeamCity users.

🟢

If Mitigated

With proper input validation and output encoding, the impact is limited to potential script execution in isolated contexts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction (clicking a malicious link) and access to the vulnerable page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2025.07 or later

Vendor Advisory: https://www.jetbrains.com/privacy-security/issues-fixed/

Restart Required: Yes

Instructions:

1. Back up TeamCity configuration and data.
2. Download TeamCity 2025.07 or later from the JetBrains website.
3. Stop the TeamCity service.
4. Install the updated version.
5. Restart the TeamCity service.
6. Verify functionality.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement web application firewall or proxy rules to filter malicious script patterns in URLs.

Access Restriction

all

Restrict access to the agentpushPreset page to trusted IP addresses only.

🧯 If You Can't Patch

  • Implement Content Security Policy (CSP) headers to restrict script execution sources.
  • Educate users about phishing risks and not clicking untrusted TeamCity links.

🔍 How to Verify

Check if Vulnerable:

Check TeamCity version in Administration → Server Administration → Server Health → Version.

Check Version:

On the TeamCity server: cat /opt/teamcity/version.txt or check the web interface.

Verify Fix Applied:

Verify that the version is 2025.07 or later and test the agentpushPreset page with safe XSS payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual URL parameters containing script tags or JavaScript in access logs
  • Multiple failed access attempts to agentpushPreset with suspicious parameters

Network Indicators:

  • HTTP requests to agentpushPreset with encoded script payloads in query parameters

SIEM Query:

source="teamcity_access.log" AND uri="/agentpushPreset" AND (query="<script" OR query="javascript:")
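The SIEM query above worked into a small offline detector, as an added example that is not part of the advisory or of JetBrains' own tooling: it reads constructed combined-format access-log lines, percent-decodes query values (including double encoding, which a plain substring match on the raw URL misses), and flags requests to the assumed path /agentpushPreset whose parameters carry script tags or javascript: URLs.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qsl

# Constructed sample lines in combined-log style (not real TeamCity logs).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Aug/2025:10:00:00 +0000] "GET /agentpushPreset?id=7 HTTP/1.1" 200 512
10.0.0.9 - - [01/Aug/2025:10:00:05 +0000] "GET /agentpushPreset?id=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512
10.0.0.9 - - [01/Aug/2025:10:00:07 +0000] "GET /agentpushPreset?url=JAVASCRIPT%3Aalert(1) HTTP/1.1" 200 512
10.0.0.3 - - [01/Aug/2025:10:00:09 +0000] "GET /viewLog.html?id=%3Cscript%3E HTTP/1.1" 200 512
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# The two patterns the advisory names, matched case-insensitively after decoding.
SUSPICIOUS = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads (%253C) are also caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_suspicious_requests(log_text, path="/agentpushPreset"):
    """Return (line number, parameter name, decoded value) for each flagged request.

    `path` is an assumption taken from the SIEM query above, not a verified TeamCity route.
    """
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != path:
            continue  # only the vulnerable page is of interest here
        # parse_qsl already decodes one layer; decode_fully handles nested encoding.
        for key, val in parse_qsl(parts.query, keep_blank_values=True):
            key, val = decode_fully(key), decode_fully(val)
            if SUSPICIOUS.search(val) or SUSPICIOUS.search(key):
                hits.append((lineno, key, val))
                break
    return hits

if __name__ == "__main__":
    for lineno, key, val in find_suspicious_requests(SAMPLE_LOG):
        print(f"line {lineno}: parameter {key!r} -> {val!r}")
```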
