CVE-2025-54527
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-28

Last updated on: 2025-12-01

Assigner: JetBrains s.r.o.

Description
In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-28
Last Modified
2025-12-01
Generated
2026-05-27
AI Q&A
2025-07-28
EPSS Evaluated
2026-05-25
NVD
CVE-2025-54527
EUVD
EUVD-2025-22927
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
jetbrains youtrack to 2025.2.86935 (exc)
jetbrains youtrack From 2025.2.87000 (inc) to 2025.2.87167 (exc)
jetbrains youtrack From 2025.3 (inc) to 2025.3.87341 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1021 The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :

The vulnerability can impact you by allowing malicious popups to bypass security restrictions, potentially leading to unauthorized content being shown or actions being performed without proper user consent. This could result in information disclosure or manipulation of the user interface.


Can you explain this vulnerability to me?

This vulnerability in JetBrains YouTrack before versions 2025.2.86935, 2025.2.87167, 2025.3.87341, and 2025.3.87344 is caused by improper iframe configuration in the widget sandbox. It allows popups to bypass security restrictions that are normally enforced to prevent unauthorized actions or content from being displayed.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart