PatchSiren cyber security CVE debrief
CVE-2025-23363 Siemens CVE debrief
CVE-2025-23363 is a Siemens Teamcenter SSO login redirect issue affecting Teamcenter V14.1, V14.2, V14.3, V2312, V2406, and V2412. The vulnerable behavior allows user-controlled input to influence a link to an external site, which can be abused to redirect a legitimate user to an attacker-chosen URL. Because the attack depends on the user clicking a crafted link, this is a user-interaction-driven exposure rather than a fully silent compromise path. Siemens and CISA provide version-specific fixes and hot fix guidance for affected releases.
- Vendor: Siemens
- Product: Teamcenter V14.1
- CVSS: HIGH 7.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-02-11
- Original CVE updated: 2025-06-10
- Advisory published: 2025-02-11
- Advisory updated: 2025-06-10
Who should care
Organizations running Siemens Teamcenter in one of the affected versions, especially environments where SSO login links are shared by email, chat, portals, or other external channels. Security teams should also care if Teamcenter is exposed to users who may trust login or SSO redirect links without verifying the destination.
Technical summary
The issue is described as the SSO login service accepting user-controlled input that can specify an external link. That creates an open-redirect-style condition in the login flow. If a user follows an attacker-crafted URL and then continues the login sequence, the user may be redirected to an attacker-controlled site. The advisory states this could be used to steal valid session data. The CVSS vector supplied with the advisory is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N, reflecting network exposure, no privileges required, and required user interaction.
Defensive priority
High. The vulnerability is remotely reachable and can affect confidentiality if users are socially engineered into clicking a malicious link. Prioritize remediation in internet-facing or broadly user-accessible Teamcenter deployments, and treat it as a phishing-assisted session exposure risk.
Recommended defensive actions
- Update affected Teamcenter releases to Siemens-fixed versions where available: V14.3.0.14 or later, V2312.0010 or later, V2406.0008 or later, and V2412.0004 or later.
- For Teamcenter V14.1 and V14.2, apply the Siemens hot fix described in Software Field Bulletin PL8837639.
- Do not rely on user training alone; restrict or validate login redirects and external link handling in SSO flows where possible.
- Warn users to avoid clicking untrusted login or SSO links, especially links delivered outside expected enterprise workflows.
- Review external-facing Teamcenter access paths and apply CISA ICS recommended practices appropriate to the deployment.
- Track Siemens and CISA advisory updates for any further fix guidance or release changes.
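The third action above, restricting or validating login redirects, is the generic fix for this class of bug. The following Python is an added example, not Teamcenter code and not taken from the advisory: it shows the open-redirect pattern next to a hardened version that only honours same-site paths or HTTPS URLs to an allowlisted host. The `return_to` parameter name and the hosts in `ALLOWED_HOSTS` are illustrative assumptions.

```python
"""Redirect-target validation for an SSO login flow.

Added example, not Teamcenter's code. The parameter name `return_to` and
the allowlisted hosts are assumptions for illustration; the technique is
the standard open-redirect mitigation: never send the browser to a
caller-supplied URL unless it is a same-site path or an allowlisted origin.
"""
from typing import Iterable, Optional
from urllib.parse import urlsplit

# Hosts the SSO service may legitimately hand a user back to (constructed sample).
ALLOWED_HOSTS = frozenset({"plm.example.corp", "tc.example.corp"})
DEFAULT_LANDING = "/"


def vulnerable_redirect_target(return_to: Optional[str]) -> str:
    """The open-redirect pattern: the caller-supplied value is used unchanged."""
    return return_to or DEFAULT_LANDING


def safe_redirect_target(return_to: Optional[str],
                         allowed_hosts: Iterable[str] = ALLOWED_HOSTS,
                         default: str = DEFAULT_LANDING) -> str:
    """Return `return_to` only if it is a local path or an allowlisted HTTPS
    origin; otherwise fall back to `default`. Meant to run server-side,
    before the redirect Location header is written."""
    if not return_to:
        return default
    # Browsers strip tabs/newlines and treat "\" as "/", so reject these
    # characters before parsing instead of trusting a later prefix check.
    if any(ord(ch) < 0x21 or ord(ch) == 0x7F or ch == "\\" for ch in return_to):
        return default
    parts = urlsplit(return_to)
    if not parts.scheme and not parts.netloc:
        # Relative target: exactly one leading slash. "//" (or "///") is
        # scheme-relative in a browser and would leave the site.
        if return_to.startswith("/") and not return_to.startswith("//"):
            return return_to
        return default
    # Absolute target: HTTPS only, allowlisted host, no userinfo, default port.
    try:
        port = parts.port
    except ValueError:  # non-numeric port
        return default
    if (parts.scheme.lower() != "https"
            or parts.username is not None
            or parts.hostname not in set(allowed_hosts)
            or port not in (None, 443)):
        return default
    return return_to


def evaluate(samples: Iterable[str]) -> dict:
    """Map each candidate target to (vulnerable result, hardened result)."""
    return {s: (vulnerable_redirect_target(s), safe_redirect_target(s)) for s in samples}


if __name__ == "__main__":
    # Constructed inputs: two legitimate targets, the rest off-site or malformed.
    for target, (weak, safe) in evaluate([
        "/dashboard?item=42",
        "https://plm.example.corp/app",
        "https://evil.example/",
        "//evil.example/",
        "https://plm.example.corp@evil.example/",
    ]).items():
        print(f"{target!r:45} unchecked -> {weak!r:45} validated -> {safe!r}")
```

Two design points: the decision is made on the server, so it also covers links that users paste or receive outside expected workflows, and the fallback is a fixed landing page rather than an error, so a broken or tampered link degrades into a normal post-login experience instead of a message that can itself be used to lend a phishing page credibility.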
Evidence notes
The vulnerability description, affected product list, and remediation guidance are taken from the Siemens CSAF advisory referenced by CISA advisory ICSA-25-044-07. The source record shows the initial publication on 2025-02-11 and later revisions on 2025-02-25, 2025-03-20, and 2025-06-10, including changes to fix guidance. The supplied advisory text explicitly states that user interaction is required and that a crafted link can redirect a legitimate user to an attacker-chosen URL.
Official resources
- CVE-2025-23363 CVE record (CVE.org)
- CVE-2025-23363 NVD detail (NVD)
Publicly disclosed on 2025-02-11. The source advisory was revised on 2025-02-25, 2025-03-20, and 2025-06-10 as Siemens updated remediation guidance. No KEV listing was provided in the supplied source corpus.