Vulnerability Database

314,615

Total vulnerabilities in the database

CVE-2025-58044

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This vulnerability is fixed in v3.10.19 and v4.10.5.

Published: Dec 1, 2025
Updated: Dec 6, 2025
CVE: CVE-2025-58044
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-601

Affected Software
References

Software	From	Fixed in
fit2cloud / jumpserver	-	3.10.19
fit2cloud / jumpserver	4.0.0	4.10.5

https://github.com/jumpserver/jumpserver/commit/36ae076cb021f16d2053a63651bc16d15a3ed53b
https://github.com/jumpserver/jumpserver/security/advisories/GHSA-h762-mj7p-jwjq

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo