JumpServer Open Redirect Vulnerability: CVE-2025-58044 – Secure Your Bastion Host

Overview

CVE-2025-58044 describes an Open Redirect vulnerability affecting JumpServer, a popular open-source bastion host and operations and maintenance (O&M) security audit system. The vulnerability resides in the /core/i18n// endpoint. Untrusted data from the Referer header is used to build the redirect target without proper validation, potentially allowing an attacker to send users to a malicious website. This issue has been addressed in JumpServer versions v3.10.19 and v4.10.5.

Technical Details

The root cause of this vulnerability is insufficient validation of the Referer header when the /core/i18n// endpoint constructs its redirection URL. The Referer header is supplied by the client (browser) and can be set to any value by an attacker. By supplying a crafted Referer header containing the URL of a phishing site or other harmful resource, an attacker can cause JumpServer to redirect unsuspecting users there after a successful login or other actions.

The vulnerable code takes the value of the Referer header and uses it directly as the redirect target. Because neither the validity nor the safety of the extracted URL is checked, the application simply redirects the user to whatever URL the header contains, including an attacker-controlled one.

CVSS Analysis

Due to the nature of this finding, the CVSS score has been deemed N/A by the vendor. This will be updated as information becomes available.

Possible Impact

The Open Redirect vulnerability can have several negative consequences:

  • Phishing Attacks: Attackers can redirect users to phishing websites that mimic the JumpServer login page or other legitimate pages, stealing their credentials.
  • Malware Distribution: Users can be redirected to websites hosting malware, leading to system compromise.
  • Reputation Damage: Exploitation of this vulnerability can damage the reputation of the organization using JumpServer.

Mitigation or Patch Steps

The recommended mitigation is to upgrade JumpServer to version v3.10.19 or v4.10.5 or later. These versions contain the fix for this vulnerability, which adds proper validation of the redirection target derived from the Referer header (or from any other source of redirect targets).

If upgrading is not immediately possible, consider implementing a web application firewall (WAF) rule to filter or sanitize the Referer header so that it cannot cause a redirect to an untrusted domain. A WAF rule only reduces exposure, however; upgrading remains the most reliable and comprehensive solution.
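To make the fix concrete, here is an added Python illustration (not JumpServer's own code and not the patch in the referenced commit) of the vulnerable pattern beside a hardened redirect-target check that only accepts local paths or URLs on an allowlisted host. The host name in ALLOWED_HOSTS and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the bastion host's own public name(s).
ALLOWED_HOSTS = {"jump.example.com"}


def unsafe_redirect_target(referer: str, default: str = "/") -> str:
    """The bug class: the client-controlled Referer is used as-is."""
    return referer or default


def safe_redirect_target(referer, allowed_hosts=ALLOWED_HOSTS,
                         default="/", require_https=True):
    """Return referer only if it is a host-relative path or points at an
    allowed host; otherwise fall back to a fixed, server-chosen default."""
    if not referer or referer != referer.strip():
        return default                      # empty, or padded with whitespace
    if "\\" in referer or any(c in referer for c in "\r\n\t\x00"):
        return default                      # backslash / control-char tricks
    parts = urlsplit(referer)               # scheme is lowercased by urlsplit
    if parts.scheme and parts.scheme not in ("http", "https"):
        return default                      # javascript:, data:, file:, ...
    if require_https and parts.scheme == "http":
        return default                      # no downgrade to plain HTTP
    if not parts.netloc:
        # Host-relative path: exactly one leading "/"; "//host" is scheme-relative
        if referer.startswith("/") and not referer.startswith("//"):
            return referer
        return default
    # .hostname drops userinfo and port and lowercases, so
    # "https://jump.example.com@evil.example/" resolves to evil.example
    if parts.hostname in allowed_hosts:
        return referer
    return default


if __name__ == "__main__":
    # Constructed Referer values a bastion host might receive.
    for ref in ["https://jump.example.com/core/", "/core/i18n/zh/",
                "https://evil.example/phish", "//evil.example/phish",
                "https://jump.example.com@evil.example/", "javascript:alert(1)"]:
        print(f"{ref!r:48} unsafe -> {unsafe_redirect_target(ref)!r:40} "
              f"safe -> {safe_redirect_target(ref)!r}")
```

The check does not consider the port, so if the service listens on several ports, compare parts.netloc against a list of host:port pairs instead.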

References

JumpServer Commit: 36ae076cb021f16d2053a63651bc16d15a3ed53b
JumpServer Security Advisory: GHSA-h762-mj7p-jwjq

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
