216.73.217.24

CVE-2025-61669

· Published 05/05/2026 16:16 · Modified 05/05/2026 21:16

Labels: CVE-2025-61669 2026-05-05CVE-2025-61669CWE-601[email protected]

Essential information

Published
05/05/2026 16:16
Modified
05/05/2026 21:16
Author
Creator
CVSS
6.3 MEDIUM (v3) 6.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._redirect_safe()`, which allows redirects to arbitrary external domains via values such as `///example.com`. An attacker can use a crafted login URL to redirect users to a malicious site and facilitate phishing attacks. This issue is fixed in version 2.18.0.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
jupyter / jupyter server cpe:2.3:a:jupyter:jupyter_server:<2.18.0:*:*:*:*:*:*
jupyter / jupyter server cpe:2.3:a:jupyter:jupyter_server:2.18.0:*:*:*:*:*:*

References