CVE-2025-58044
MEDIUM | NUCLEI
Fit2cloud Jumpserver < 3.10.19 - Open Redirect
Title source: ruleDescription
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, the /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. This vulnerability is fixed in v3.10.19 and v4.10.5.
Nuclei Templates (1)
JumpServer - Open Redirect via Referer Header
MEDIUM | VERIFIED | by DhiyaneshDk
Shodan: html:"JumpServer 开源堡垒机"
Scores
CVSS v3: 6.1
EPSS: 0.0137
EPSS Percentile: 80.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-601
Status: published
Products (1): fit2cloud/jumpserver < 3.10.19
Published: Dec 01, 2025
Tracked Since: Feb 18, 2026