CVE-2025-54527

July 28, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-54527
Type cve
Published 2025-07-28T16:20:38.600Z
Modified 2025-07-28T16:20:38.600Z

Product Information

Vendor JetBrains
Product YouTrack
Version 0

CVSS Information

Base Score 6.1 (MEDIUM)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

  • JetBrains YouTrack 0

Additional Information

Source JetBrains

Description

In JetBrains YouTrack before 2025.2.86935,
2025.2.87167,
2025.3.87341,
2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.