Unrated severity · NVD Advisory · Published Dec 1, 2025 · Updated Dec 1, 2025
JumpServer has an Open Redirect Vulnerability
CVE-2025-58044
Description
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, the /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This vulnerability is fixed in v3.10.19 and v4.10.5.
Affected products
- Range: < 3.10.19
Patches
No patches discovered yet.
References
- github.com/jumpserver/jumpserver/commit/36ae076cb021f16d2053a63651bc16d15a3ed53b (mitre, x_refsource_MISC)
- github.com/jumpserver/jumpserver/security/advisories/GHSA-h762-mj7p-jwjq (mitre, x_refsource_CONFIRM)