Improper iframe configuration in JetBrains YouTrack
CVE-2025-54527

6.1 MEDIUM

Key Information:

Vendor: JetBrains

Status
Vendor
CVE Published: 28 July 2025

What is CVE-2025-54527?

In JetBrains YouTrack versions before 2025.2.86935, 2025.2.87167, 2025.3.87341, and 2025.3.87344, the improper configuration of iframe settings within the widget sandbox allows malicious popups to bypass established security protocols. This flaw presents risks of unauthorized access and exploitation, posing significant security challenges for users relying on the application for project management.

Affected Version(s)

YouTrack 0 < 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
