CVE-2025-58044
MEDIUM | Nuclei template available
fit2cloud/jumpserver < 3.10.19 - Open Redirect via Referer Header
Exploitation Summary
A Nuclei detection template is available for CVE-2025-58044 (see the Nuclei Templates section below for the Shodan recon query).
Description
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, the /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This vulnerability is fixed in v3.10.19 and v4.10.5.
Nuclei Templates (1)
JumpServer - Open Redirect via Referer Header
MEDIUM | VERIFIED | by DhiyaneshDk
Shodan:
html:"JumpServer 开源堡垒机"
References (2)
Core References
Patch, Vendor Advisory (x_refsource_confirm):
https://github.com/jumpserver/jumpserver/security/advisories/GHSA-h762-mj7p-jwjq
Scores
CVSS v3
6.1
EPSS
0.0128
EPSS Percentile
80.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-601
Status
published
Products (1)
fit2cloud/jumpserver
< 3.10.19
Published
Dec 01, 2025
Tracked Since
Feb 18, 2026