CVE-2025-54527

Summary

In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions

Affected Software

VendorProductVersion RangeStatus
JetBrainsYouTrack`0 < 2025.2.86935,
2025.2.87167,
2025.3.87341,
2025.3.87344`affected

Weaknesses

  • CWE-1021: CWE-1021

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References