CVE-2025-24459

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2024.12.1

Description The issue allows for reflected XSS on the "Vault Connection page". There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.

Recommendations For JetBrains TeamCity versions prior to 2024.12.1, update to version 2024.12.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Vault Connection page" until a patch is applied.