PT-2025-48546 · Unknown · Jumpserver
Published 2025-12-01 · Updated 2026-03-26 · CVE-2025-58044
CVSS v4.0: 6.9 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L |
Name of the Vulnerable Software and Affected Versions
JumpServer versions prior to 3.10.19
JumpServer versions prior to 4.10.5
Description
JumpServer is an open source bastion host and operations and maintenance security audit system. The /core/i18n// API endpoint takes its redirection target from the request's Referer header without validating it, so the Location header of the response repeats whatever host the client supplied. The result is an open redirect: a request that reaches the endpoint with an attacker-chosen Referer is redirected to the attacker's site, which can be used to send users to malicious websites.
Recommendations
JumpServer versions prior to 3.10.19 should be updated to version 3.10.19 or later.
JumpServer versions prior to 4.10.5 should be updated to version 4.10.5 or later.
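The following is an added example, not JumpServer's code or the project's fix: it models a language-switch endpoint that sends the caller back to the page named in Referer, first in the vulnerable shape this advisory describes and then hardened with a host-and-scheme check equivalent to Django's `url_has_allowed_host_and_scheme` (re-implemented here so it runs without Django). The function names, the host `jump.example.com` and the probe Referer values are all constructed for the example and do not come from the advisory.

```python
# Added example, not JumpServer code: a language-switch endpoint that sends the
# caller back to the page it came from, in the vulnerable shape the advisory
# describes and in a hardened shape. All names below are hypothetical.
import unicodedata
from urllib.parse import urlsplit

FALLBACK = "/"  # where to send the user when the Referer cannot be trusted


def vulnerable_redirect_target(referer):
    """Vulnerable: the Location header is whatever the client put in Referer."""
    return referer or FALLBACK


def _allowed(url, allowed_hosts, require_https):
    """One pass of the host/scheme check (see url_has_allowed_host_and_scheme)."""
    # Chrome reads three or more leading slashes as an absolute URL; urlsplit does not.
    if url.startswith("///"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    # A scheme without a host ("http:///evil", "javascript:alert(1)") is never ours.
    if parts.scheme and not parts.netloc:
        return False
    # Some browsers skip leading control characters and then read the URL as scheme-relative.
    if unicodedata.category(url[0])[0] == "C":
        return False
    scheme = parts.scheme or ("http" if parts.netloc else "")
    valid_schemes = ("https",) if require_https else ("http", "https")
    host_ok = not parts.netloc or parts.netloc in allowed_hosts
    return host_ok and (not scheme or scheme in valid_schemes)


def url_has_allowed_host_and_scheme(url, allowed_hosts, require_https=False):
    """Re-implementation of Django's django.utils.http.url_has_allowed_host_and_scheme,
    inlined so the example runs without Django installed.
    allowed_hosts is the set of host[:port] values this deployment answers for."""
    url = (url or "").strip()
    if not url:
        return False
    # Browsers treat "\" as "/" in paths, so "/\evil.example" must also be read as "//evil.example".
    return _allowed(url, allowed_hosts, require_https) and _allowed(
        url.replace("\\", "/"), allowed_hosts, require_https
    )


def safe_redirect_target(referer, allowed_hosts, require_https=False):
    """Hardened: honour Referer only when it stays on this deployment's own host."""
    referer = (referer or "").strip()
    if url_has_allowed_host_and_scheme(referer, allowed_hosts, require_https):
        return referer
    return FALLBACK


# Constructed probe values for the demonstration, not captured traffic.
OWN_HOSTS = {"jump.example.com"}
PROBES = [
    "https://jump.example.com/users/",          # same host: legitimate
    "/console/",                                # relative path: legitimate
    "https://evil.example/login",               # plain off-host target
    "//evil.example/x",                         # scheme-relative
    "/\\evil.example",                          # backslash trick
    "///evil.example",                          # triple slash
    "https://jump.example.com@evil.example/",   # userinfo trick
    "javascript:alert(1)",                      # non-http scheme
    None,                                       # no Referer at all
]


def compare(referer, allowed_hosts=OWN_HOSTS):
    """Return (vulnerable Location, hardened Location) for one Referer value."""
    return vulnerable_redirect_target(referer), safe_redirect_target(referer, allowed_hosts)


if __name__ == "__main__":
    for probe in PROBES:
        before, after = compare(probe)
        print(f"Referer={probe!r:42} vulnerable -> {before!r:42} hardened -> {after!r}")
```

Two points worth keeping in mind when adapting this: `allowed_hosts` has to list the host exactly as browsers send it, including a non-standard port, or legitimate same-origin Referers fall through to `FALLBACK`; and the strictest fix is to stop consulting Referer at all and redirect to a fixed in-application path, since a Referer-driven bounce is only ever a convenience.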
Weakness Enumeration
Open Redirect (CWE-601)
Related Identifiers
CVE-2025-58044
Affected Products
Jumpserver