CVE-2025-58044

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-58044
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58044.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-58044
Aliases
  • GHSA-h762-mj7p-jwjq
Published
2025-12-01T20:17:44.222Z
Modified
2025-12-07T10:07:23.215633Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L/E:P CVSS Calculator
Summary
JumpServer has an Open Redirect Vulnerability
Details

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This vulnerability is fixed in v3.10.19 and v4.10.5.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/58xxx/CVE-2025-58044.json",
    "cwe_ids": [
        "CWE-601"
    ]
}
References

Affected packages

Git / github.com/jumpserver/jumpserver

Affected ranges

Type
GIT
Repo
https://github.com/jumpserver/jumpserver
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
9a6e7be4c4920af769605f45e92ec6f020da58af
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.10.19"
        }
    ]
}
Type
GIT
Repo
https://github.com/jumpserver/jumpserver
Events
Introduced
6e7c11d6c0d113a883500a8cbd4bff04863d98cd
Fixed
15259fc10c064fdfbd73dc45af328a363e6e7ef8
Database specific 
{
    "versions": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.10.5"
        }
    ]
}