JumpServer has an Open Redirect Vulnerability_CVE-2025-58044

5.5 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L/E:P

Description

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This vulnerability is fixed in v3.10.19 and v4.10.5.

Basic Information

ID CVE-2025-58044

Source GitHub_M

Published Dec 1, 2025 at 20:17

Modified Dec 1, 2025 at 20:33

Affected Product

Vendor jumpserver

Product jumpserver

Version < 3.10.19

Affected Versions jumpserver jumpserver < 3.10.19
jumpserver jumpserver >= 4.0.0, < 4.10.5

CWE Classification

CWE-601

References

{
    "lastseen": "",
    "description": "JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This vulnerability is fixed in v3.10.19 and v4.10.5.",
    "published": "2025-12-01T20:17:44.222Z",
    "modified": "2025-12-01T20:33:33.039Z",
    "type": "cve",
    "title": "JumpServer has an Open Redirect Vulnerability",
    "source": "GitHub_M",
    "references": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-h762-mj7p-jwjq\nhttps://github.com/jumpserver/jumpserver/commit/36ae076cb021f16d2053a63651bc16d15a3ed53b",
    "id": "CVE-2025-58044",
    "bulletinFamily": "",
    "cwe": [
        "CWE-601"
    ],
    "cvelist": null,
    "sourceData": "jumpserver jumpserver < 3.10.19\njumpserver jumpserver >= 4.0.0, < 4.10.5",
    "sourceHref": "",
    "cvss": {
        "score": 5.5,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "jumpserver",
    "version": "< 3.10.19",
    "vendor": "jumpserver",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}