CVE-2025-58044 Scanner - Open Redirect vulnerability in JumpServer
Short Info
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 3 weeks 21 hours
Scan only one: URL
JumpServer is a widely-used open source bastion host designed for operation and maintenance security audits. It is implemented by many organizations to manage and monitor user access to critical systems, providing a layer of security in environments that require auditing and control over access. JumpServer serves industries that demand robust security measures, such as finance, healthcare, and government sectors. Through its customizable interface and extensive plugin support, administrators can enhance the platform's capabilities to fit their specific security requirements. Regular updates and community support ensure that JumpServer remains a leading choice for secure remote access. By deploying JumpServer, businesses can consolidate their access controls while ensuring a traceable record of user activity.
The Open Redirect vulnerability in JumpServer arises from improper handling of the Referer header at the /core/i18n// endpoint. This flaw allows attackers to craft URLs that redirect users to attacker-controlled sites. Such vulnerabilities are often exploited in phishing attacks to capture user credentials or to spread malware. The vulnerability can be exploited remotely with low complexity, but it requires user interaction to succeed. Given its potential impact, addressing it is crucial for maintaining the integrity of the system and users' trust in it. The flaw is a classic example of insufficient validation of user-controlled input and calls for quick remediation to protect user data and system security.
The core vulnerability lies in the /core/i18n// endpoint of JumpServer, which uses the Referer header value as a redirection target without sufficient validation or sanitization. Attackers can exploit this flaw by creating malicious URLs with a manipulated Referer header, which the server incorrectly trusts and uses to redirect users. The root cause is a lack of constraints on this input: an arbitrary URL supplied in the header is accepted and used as the redirect destination. Exploitation is relatively straightforward, using a crafted HTTP Referer header to induce the redirect. Successful exploitation does not compromise the server directly but endangers users by redirecting them to malicious domains. This issue highlights the critical need for accurate user input validation.
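One way to apply the validation this paragraph calls for, shown as an added example (it is not JumpServer's code or its actual fix): the Referer is accepted as a redirect target only when it points back at the host that served the request, and only its path and query are reused. The function names, the fallback path and the host names in the comments are constructed for illustration.

```python
from urllib.parse import urlsplit

FALLBACK = "/"  # assumed safe landing path when the Referer is not trusted


def vulnerable_target(referer):
    """The pattern the page describes: the Referer value is the redirect target."""
    return referer or FALLBACK


def safe_target(referer, request_host, fallback=FALLBACK):
    """Return a local path to redirect to, or the fallback.

    request_host is the Host header value of the current request,
    e.g. "jump.example.com" (constructed name).
    """
    if not referer:
        return fallback
    # Browsers treat "\" like "/" and drop control characters, so a value
    # containing them may be parsed differently by the client: reject it.
    if "\\" in referer or any(ord(c) < 0x21 or ord(c) == 0x7F for c in referer):
        return fallback
    try:
        parts = urlsplit(referer)
    except ValueError:  # malformed authority, e.g. an unbalanced "["
        return fallback
    if parts.scheme not in ("http", "https"):
        return fallback  # blocks javascript:, data:, and scheme-less "//host"
    # netloc includes userinfo and port, so "good.host@evil.host" never matches.
    if parts.netloc.lower() != request_host.lower():
        return fallback
    path = parts.path or "/"
    if path.startswith("//"):
        return fallback  # would be read as a protocol-relative URL in Location
    # Emit a path-only target so the header cannot influence the destination host.
    return path + ("?" + parts.query if parts.query else "")
```

The check fails closed: a Referer that names the same host with an explicit default port, for example, falls back to the landing path rather than being followed.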
If exploited, this Open Redirect vulnerability could lead to users being redirected to malicious or phishing websites, potentially resulting in credential theft or the installation of malicious software on the user's system. Attackers leverage such vulnerabilities to increase the credibility of phishing attempts, as the initial link appears to come from a legitimate source. The resulting redirection can damage user trust and the reputation of organizations using JumpServer. Furthermore, the impact could be compounded in targeted attacks, where users are unknowingly redirected to exploit kits or other attack vectors. Proper validation and sanitization are crucial to keep users from being steered into these traps and to maintain the security posture of the organization managing the deployment.