PT-2026-37055 · Project Jupyter · Jupyter Server
Published 2026-05-05 · Updated 2026-05-11 · CVE-2025-61669
CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Jupyter Server versions prior to 2.18.0
Description
Insufficient validation of the next query parameter in the login flow, within the LoginFormHandler._redirect_safe() function, allows redirects to arbitrary external domains. An attacker can use a crafted login URL to redirect users to a malicious site, facilitating phishing attacks. This is particularly risky for deployments served on public domains, where users may be redirected to look-alike URLs.
Recommendations
Update to version 2.18.0 or later.
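The class of defect described above, as an added example that is not Jupyter Server's own code: a login handler must check a user-supplied next value before redirecting to it. weak_is_safe_redirect is a constructed illustration of the bug class (a leading-slash prefix check, which still accepts scheme-relative targets such as //evil.example); is_safe_redirect is the hardened check, restricting the target to a path on the same origin under an assumed base_url prefix. All hostnames and function names here are constructed for the example.

```python
"""Added example (not Jupyter Server's code): validating a ``next`` redirect
parameter so that a login flow can only send users back to its own origin.
"""
from typing import Optional
from urllib.parse import urlsplit


def weak_is_safe_redirect(target: str) -> bool:
    """Constructed weak check: only requires a leading slash.

    A browser resolves ``//evil.example/x`` as a scheme-relative absolute URL,
    so this check lets an off-site target through.
    """
    return target.startswith("/")


def is_safe_redirect(target: str, base_url: str = "/") -> bool:
    """Return True only if ``target`` is a path on this origin under ``base_url``.

    Rejects absolute URLs (any scheme or host), scheme-relative ``//host``
    forms, backslashes (user agents treat ``/\\host`` like ``//host``), and
    control characters or whitespace that user agents may strip before parsing.
    """
    if not target:
        return False
    if any(ord(ch) < 0x20 or ch.isspace() for ch in target):
        return False
    if "\\" in target:
        return False
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return False
    # Exactly one leading slash: "//host" and "///host" both resolve off-site.
    if not target.startswith("/") or target.startswith("//"):
        return False
    return parts.path.startswith(base_url)


def resolve_next(raw_next: Optional[str], default: str, base_url: str = "/") -> str:
    """Choose the post-login destination: the validated ``next`` value or ``default``."""
    if raw_next is not None and is_safe_redirect(raw_next, base_url):
        return raw_next
    return default


if __name__ == "__main__":
    # Constructed sample values of the kind a login handler might receive.
    for candidate in ["/tree", "//evil.example/login", "https://evil.example/",
                      "/\\evil.example", "javascript:alert(1)"]:
        print(f"{candidate!r:26} weak={weak_is_safe_redirect(candidate)!s:5} "
              f"hardened={is_safe_redirect(candidate)}")
```

Keeping the check to "a single leading slash, no scheme, no host, no backslash, no control characters, under the server's own base path" is what makes it resistant to the usual bypasses; a check that parses the host and compares it to an allow-list is easier to get wrong, because the redirect target never needs a host at all.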
Exploit · Fix · Open Redirect
Weakness Enumeration
Related Identifiers
Affected Products
Jupyter Server