216.73.216.86

CVE-2025-58044

· Published 01/12/2025 21:15 · Modified 05/12/2025 19:48

Labels: CVE-2025-58044 2025-12-01CVE-2025-58044CWE-601[email protected]

Essential information

Published
01/12/2025 21:15
Modified
05/12/2025 19:48
Author
Creator
CVSS
5.5 MEDIUM (v3) 5.5 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This vulnerability is fixed in v3.10.19 and v4.10.5.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
fit2cloud / jumpserver cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*
fit2cloud / jumpserver cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*

References