JumpServer Connection Token Leak Vulnerability_CVE-2025-62712

9.6 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Description

JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, non-privileged user can retrieve connection tokens belonging to other users via the super-connection API endpoint (/api/v1/authentication/super-connection-token/). When accessed from a web browser, this endpoint returns connection tokens created by all users instead of restricting results to tokens owned by or authorized for the requester. An attacker who obtains these tokens can use them to initiate connections to managed assets on behalf of the original token owners, resulting in unauthorized access and privilege escalation across sensitive systems. This vulnerability is fixed in v3.10.20-lts and v4.10.11-lts.

AI Analysis

Connection token leak vulnerability allowing unauthorized access and privilege escalation

Basic Information

ID CVE-2025-62712

Source GitHub_M

Published Oct 30, 2025 at 16:08

Affected Product

Vendor jumpserver

Product jumpserver

Version >= 4.0.0, < 4.10.11-lts

Affected Versions jumpserver jumpserver >= 4.0.0, < 4.10.11-lts
jumpserver jumpserver < 3.10.20-lts

CWE Classification

CWE-862

AI Assessment

AI Score 9.6 / 10

AI Severity Critical

Vendor JumpServer

Product JumpServer

Version v3.10.20-lts, v4.10.11-lts

References

{
    "lastseen": "",
    "description": "JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, non-privileged user can retrieve connection tokens belonging to other users via the super-connection API endpoint (/api/v1/authentication/super-connection-token/). When accessed from a web browser, this endpoint returns connection tokens created by all users instead of restricting results to tokens owned by or authorized for the requester. An attacker who obtains these tokens can use them to initiate connections to managed assets on behalf of the original token owners, resulting in unauthorized access and privilege escalation across sensitive systems. This vulnerability is fixed in v3.10.20-lts and v4.10.11-lts.",
    "published": "2025-10-30T16:08:32.669Z",
    "modified": "2025-10-30T16:08:32.669Z",
    "type": "cve",
    "title": "JumpServer Connection Token Leak Vulnerability",
    "source": "GitHub_M",
    "references": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-6ghx-6vpv-3wg7\nhttps://github.com/jumpserver/jumpserver/commit/453ad331eec9d9667a38de735d6612608e558491",
    "id": "CVE-2025-62712",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "jumpserver jumpserver >= 4.0.0, < 4.10.11-lts\njumpserver jumpserver < 3.10.20-lts",
    "sourceHref": "",
    "cvss": {
        "score": 9.6,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "jumpserver",
    "version": ">= 4.0.0, < 4.10.11-lts",
    "vendor": "jumpserver",
    "ai_description": "Connection token leak vulnerability allowing unauthorized access and privilege escalation",
    "ai_severity": "Critical",
    "ai_vendor": "JumpServer",
    "ai_product": "JumpServer",
    "ai_version": "v3.10.20-lts, v4.10.11-lts",
    "ai_score": 9.6
}