CVE-2025-23363

Published Feb 11, 2025

Last updated a month ago

Overview

Description
A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versions), Teamcenter V14.3 (All versions < V14.3.0.14), Teamcenter V2312 (All versions < V2312.0010), Teamcenter V2406 (All versions < V2406.0008), Teamcenter V2412 (All versions < V2412.0004). The SSO login service of affected applications accepts user-controlled input that could specify a link to an external site. This could allow an attacker to redirect the legitimate user to an attacker-chosen URL to steal valid session data. For a successful exploit, the legitimate user must actively click on an attacker-crafted link.
Source: productcert@siemens.com
NVD status: Analyzed
Products: teamcenter

Risk scores

CVSS 4.0

Type: Secondary
Base score: 6.1
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: MEDIUM

CVSS 3.1

Type: Secondary
Base score: 7.4
Impact score: 4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Severity: HIGH

Weaknesses

productcert@siemens.com
CWE-601

Social media

Hype score: Not currently trending
  1. CVE-2025-23363 impacts Siemens TeamCenter #SiemensTeamCenter #CVE-2025-23363 https://t.co/r1TIuh6wxy

    @pravin_karthik

    2 Mar 2025

  2. Siemens Teamcenter vulnerability could allow account takeover (CVE-2025-23363) - Help Net Security https://t.co/sN1zMETqd0

    @PVynckier

    2 Mar 2025

  3. A high-severity vulnerability (CVE-2025-23363) in Siemens Teamcenter PLM could allow session data theft via malicious links. Users advised to avoid untrusted sources. ⚠️ #Siemens #PLM #DataProtection link: https://t.co/JbidRDuetk https://t.co/te9yzUP50T

    @TweetThreatNews

    1 Mar 2025

  4. #Siemens Teamcenter #vulnerability could allow account takeover (#CVE-2025-23363) https://t.co/UmvtKTwKj3

    @ScyScan

    27 Feb 2025

  5. 🚨 CVE-2025-23363 🔴 HIGH (7.4) 🏢 Siemens - Teamcenter 🏗️ 0 🔗 https://t.co/b7ubkvz2kg #CyberCron #VulnAlert https://t.co/OAoW0AfWYp

    @cybercronai

    12 Feb 2025

  6. New post from https://t.co/uXvPWJy6tj (CVE-2025-23363 | Siemens Teamcenter up to 14.0.0.2 Link redirect (ssa-656895)) has been published on https://t.co/dwm8GkIf43

    @WolfgangSesin

    11 Feb 2025

  7. CVE-2025-23363 A vulnerability has been identified in Teamcenter (All versions < V14.3.0.0). The SSO login service of affected applications accepts user-controlled input that could … https://t.co/3QaTIuvbOf

    @CVEnew

    11 Feb 2025

Configurations

References

Sources include official advisories and independent security research.