CVE-2025-61669
MEDIUMjupyter_server next parameter open redirect can redirect users to external domains
Title source: cnaDescription
Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._redirect_safe()`, which allows redirects to arbitrary external domains via values such as `///example.com`. An attacker can use a crafted login URL to redirect users to a malicious site and facilitate phishing attacks. This issue is fixed in version 2.18.0.
References (1)
Core 1
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w
Scores
CVSS v3
6.1
EPSS
0.0001
EPSS Percentile
1.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-601
Status
published
Products (3)
jupyter/jupyter_server
< 2.18.0
jupyter-server/jupyter_server
<= 2.17.0
pypi/jupyter-server
0 - 2.18.0PyPI
Published
May 05, 2026
Tracked Since
May 05, 2026