CVE-2025-58044
December 01, 2025
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This vulnerability is fixed in v3.10.19 and v4.10.5.
Affected Packages
https://github.com/jumpserver/jumpserver.git (GITHUB):
Affected version(s) >=v1.4.4 <v3.10.19Fix Suggestion:
Update to version v3.10.19https://github.com/jumpserver/jumpserver.git (GITHUB):
Affected version(s) >=v4.0.0 <v4.10.5Fix Suggestion:
Update to version v4.10.5Related Resources (2)
Do you need more information?
Contact UsCVSS v4
Base Score:
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
LOW
Subsequent System Integrity
LOW
Subsequent System Availability
LOW
Exploit Maturity
POC
CVSS v3
Base Score:
8.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
Weakness Type (CWE)
URL Redirection to Untrusted Site ('Open Redirect')
EPSS
Base Score:
0.04
