Lucene search
K

JumpServer - Open Redirect via Referer Header

🗓️ 08 Jul 2026 05:22:06Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 10 Views

JumpServer allows open redirect via Referer header on core/i18n/ endpoint prior to versions 3.10.19 and 4.10.5.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2025-58044
25 Mar 202605:44
circl
CNNVD
JumpServer 输入验证错误漏洞
1 Dec 202500:00
cnnvd
CVE
CVE-2025-58044
1 Dec 202520:17
cve
Cvelist
CVE-2025-58044 JumpServer has an Open Redirect Vulnerability
1 Dec 202520:17
cvelist
EUVD
EUVD-2025-200086
1 Dec 202520:17
euvd
NVD
CVE-2025-58044
1 Dec 202521:15
nvd
OSV
CVE-2025-58044 JumpServer has an Open Redirect Vulnerability
1 Dec 202520:17
osv
Positive Technologies
PT-2025-48546
1 Dec 202500:00
ptsecurity
RedhatCVE
CVE-2025-58044
11 Dec 202520:53
redhatcve
Vulnrichment
CVE-2025-58044 JumpServer has an Open Redirect Vulnerability
1 Dec 202520:17
vulnrichment
Rows per page
id: CVE-2025-58044

info:
  name: JumpServer - Open Redirect via Referer Header
  author: DhiyaneshDk
  severity: medium
  description: |
    JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability.
  impact: |
    An attacker can craft a malicious link that, when clicked by a victim, redirects them toan attacker-controlled website. This can be used to steal credentials through phishing or to distribute malware.
  remediation: |
    Upgrade JumpServer to version 3.10.19 or later (for v3.x) or version 4.10.5 or later (for v4.x).
  reference:
    - https://github.com/jumpserver/jumpserver/security/advisories/GHSA-h762-mj7p-jwjq
    - https://github.com/jumpserver/jumpserver/commit/36ae076cb021f16d2053a63651bc16d15a3ed53b
    - https://nvd.nist.gov/vuln/detail/CVE-2025-58044
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2025-58044
    epss-score: 0.00442
    epss-percentile: 0.35475
    cwe-id: CWE-601
  metadata:
    verified: true
    max-request: 1
    vendor: fit2cloud
    product: jumpserver
    shodan-query: html:"JumpServer 开源堡垒机"
  tags: cve,cve2025,jumpserver,redirect,open-redirect,fit2cloud

http:
  - method: GET
    path:
      - "{{BaseURL}}/core/i18n/ko/"

    headers:
      Referer: "https://oast.pro"

    matchers-condition: and
    matchers:
      - type: regex
        part: header
        regex:
          - '(?i)location:\s*https?://oast\.pro'

      - type: status
        status:
          - 302
# digest: 490a0046304402200f49ee48bb3ca6239a72647f64a26ffadae08b8957b1d86042f4f9c706aa3c2e0220502325e8e080b06aa0c9c6186e53f2ce4d3054aa54caa7af5c4ca3ba4db0371c:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

25 Mar 2026 05:44Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.16.1
CVSS 46.9
EPSS0.00442
SSVC
10