CVE-2025-58044
MEDIUM WAF: Medium
CVSS 6.1
Published: 2025-12-01
CWE-601
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This vulnerability is fixed in v3.10.19 and v4.10.5.
WAF Coverage Analysis
Open Redirect
Medium WAF Coverage
OWASP: A01:2021 Broken Access Control
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| fit2cloud | jumpserver | up to 3.10.19 |
| fit2cloud | jumpserver | 4.0.0 - 4.10.5 |
References
- github.com (Patch)
- github.com (Patch, Vendor Advisory)