PT-2025-31117 · JetBrains · JetBrains YouTrack
Published 2025-07-28 · Updated 2025-12-01 · CVE-2025-54527
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
JetBrains YouTrack versions prior to 2025.2.86935
JetBrains YouTrack version 2025.2.86935
JetBrains YouTrack versions 2025.2.86935 through 2025.2.87167
JetBrains YouTrack version 2025.3.87341
JetBrains YouTrack versions 2025.3.87341 through 2025.3.87344
Description
The software contains an improper iframe configuration within the widget sandbox, which allows popups to bypass security restrictions.
Recommendations
Update JetBrains YouTrack to a version later than 2025.2.86935.
Update JetBrains YouTrack to version 2025.2.86935.
Update JetBrains YouTrack to a version later than 2025.2.87167.
Update JetBrains YouTrack to a version later than 2025.3.87341.
Update JetBrains YouTrack to a version later than 2025.3.87344.
Fix
Clickjacking
Affected Products
JetBrains YouTrack