CVE-2025-58044
📋 TL;DR
This CVE describes an open redirect vulnerability in JumpServer's internationalization (language-switch) endpoint, /core/i18n/. The endpoint answers with a redirect to whatever the request's Referer header says, without validating that the target stays on the JumpServer host, so an attacker who controls the Referer can send users to an arbitrary external site. All JumpServer instances running versions before v3.10.19 (v3.x branch) or v4.10.5 (v4.x branch) are affected.
💻 Affected Systems
- JumpServer (v3.x before v3.10.19, v4.x before v4.10.5)
📦 What is this software?
JumpServer by Fit2Cloud: an open-source bastion host / privileged access management (PAM) platform that brokers SSH, RDP, database and other sessions to the assets behind it.
⚠️ Risk & Real-World Impact
Worst Case
Attackers could redirect authenticated users to phishing sites that steal their JumpServer credentials or deliver malware. Because JumpServer is a bastion host, a harvested account can mean access to every asset that account is allowed to reach through it, so a successful phish can escalate well beyond the JumpServer host itself.
Likely Case
Attackers use the open redirect in phishing campaigns to make malicious links appear legitimate, increasing the success rate of credential harvesting attacks against JumpServer users.
If Mitigated
With user awareness training and egress web filtering in place, the impact is limited to user confusion from unexpected redirects; the flaw itself gives no direct access to the server.
🎯 Exploit Status
The vulnerability requires no authentication and no special tooling: any HTTP client can send a GET to the endpoint with a Referer header pointing at an external host and observe the redirect. Note that a bare link cannot set a victim's Referer by itself; in a real phishing flow the victim follows a link on an attacker-controlled page (whose Referrer-Policy the attacker can set so the full URL is sent), JumpServer responds with a redirect to that Referer, and the victim passes through the legitimate JumpServer hostname on the way to the phishing site.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v3.10.19 or v4.10.5
Vendor Advisory: https://github.com/jumpserver/jumpserver/security/advisories/GHSA-h762-mj7p-jwjq
Restart Required: Yes
Instructions:
1. Back up your JumpServer configuration and data.
2. Update to v3.10.19 (for the v3.x branch) or v4.10.5 (for the v4.x branch).
3. Restart all JumpServer services.
4. Verify the update by checking the running version.
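The following is an added example, not code from the JumpServer project or the advisory. It models the flawed pattern the TL;DR describes (redirect straight to the Referer value) next to a hardened replacement that only honours a Referer whose host is one of the deployment's own hostnames. Function names, the allowed-host set and the sample Referer values are illustrative assumptions. In a Django code base the idiomatic fix is django.utils.http.url_has_allowed_host_and_scheme(); the checks below are a dependency-free equivalent so the example runs anywhere, and they cover the bypasses that a naive "does it start with a slash" test misses.

```python
from urllib.parse import urlsplit

# Schemes a Referer-based redirect may legitimately use; anything else
# (javascript:, data:, ...) is rejected outright.
ALLOWED_SCHEMES = {"", "http", "https"}


def redirect_target_unsafe(referer):
    """Pre-fix pattern, modelled on the advisory's description: trust the Referer as-is."""
    return referer or "/"


def redirect_target_safe(referer, allowed_hosts, fallback="/"):
    """Return `referer` only if it stays on one of `allowed_hosts`; otherwise `fallback`.

    `allowed_hosts` stands in for the deployment's own hostnames (assumption for this example).
    """
    if not referer:
        return fallback
    # Browsers treat a backslash like a forward slash, so "/\evil.example"
    # navigates to "//evil.example" even though urlsplit() sees only a path.
    if "\\" in referer:
        return fallback
    parts = urlsplit(referer)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return fallback
    # "https:evil.example" parses with a scheme but no netloc; browsers still
    # treat it as an absolute URL, so reject scheme-without-host.
    if parts.scheme and not parts.netloc:
        return fallback
    if parts.netloc:
        # Compare the hostname, not the raw netloc: "https://jump.example@evil.example/"
        # has hostname evil.example although the netloc starts with our own name.
        host = (parts.hostname or "").lower()
        if host not in {h.lower() for h in allowed_hosts}:
            return fallback
    return referer


if __name__ == "__main__":
    # Constructed probe values; jump.example is the (assumed) legitimate hostname.
    own_hosts = {"jump.example"}
    for ref in [
        "https://jump.example/ui/",
        "/core/users/",
        "https://evil.example/login",
        "//evil.example",
        "/\\evil.example",
        "https:evil.example",
        "https://jump.example@evil.example/",
        "javascript:alert(1)",
    ]:
        print(f"{ref!r:42} unsafe -> {redirect_target_unsafe(ref)!r:40} "
              f"safe -> {redirect_target_safe(ref, own_hosts)!r}")
```

Every entry in the probe list except the first two is sent off-host by the unsafe version and collapsed to "/" by the safe one; the first two are returned unchanged by both, which is the behaviour a language switch actually needs.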
🔧 Temporary Workarounds
Web Application Firewall (WAF) Rule
Block requests to the /core/i18n/ endpoint whose Referer host is not your JumpServer hostname. Blocking the endpoint entirely also works, at the cost of the UI language switch it serves.
Reverse Proxy Filtering
Configure the reverse proxy (nginx, Apache) to strip or replace the Referer header on requests to the /core/i18n/ endpoint (in nginx, a location block for that path with proxy_set_header Referer ""), so the redirect can no longer be steered by an attacker-supplied value. The side effect is that switching language no longer returns users to the page they were on.
🧯 If You Can't Patch
- Implement strict web filtering to block redirects to external domains
- Deploy user awareness training about phishing risks and URL verification
🔍 How to Verify
Check if Vulnerable:
Send a GET to the /core/i18n/ endpoint (the path takes a language code, e.g. /core/i18n/en/) with a Referer header pointing at a host you control, do not follow redirects, and inspect the response: a 3xx whose Location header is your external host confirms the vulnerability.
Check Version:
Check the version shown in the JumpServer web interface admin panel, or query it inside the core container, e.g.: docker exec jumpserver_core python -c "import jumpserver; print(jumpserver.__version__)" (substitute your container name; the official Docker Compose deployment calls it jms_core).
Verify Fix Applied:
After patching, repeat the test above: the Location header must no longer point at the external host you supplied in the Referer (a redirect to JumpServer's own pages is fine; that is what the language switch is for).
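An added checker, not from the page or the vendor, for the "Check if Vulnerable" and "Verify Fix Applied" steps above. It sends one GET to /core/i18n/<lang>/ with a Referer on a host the tester controls, stops urllib from following the redirect, and classifies the (status, Location) pair. The attacker.example origin, the default language code and the User-Agent string are assumptions; classify() is separated from the network call so the decision logic can be exercised offline.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse to follow redirects so the Location header of the first response is visible."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def classify(status, location, attacker_host):
    """Verdict for one response: 'vulnerable', 'redirect_elsewhere' or 'no_redirect'."""
    if status not in REDIRECT_CODES:
        return "no_redirect"
    # urlsplit handles absolute ("https://h/..") and scheme-relative ("//h/..") targets;
    # a relative Location such as "/" has no hostname and is therefore not a hit.
    host = (urlsplit(location or "").hostname or "").lower()
    if host == attacker_host.lower():
        return "vulnerable"
    return "redirect_elsewhere"


def probe_i18n_redirect(base_url, attacker_origin="https://attacker.example",
                        lang="en", timeout=10):
    """GET <base_url>/core/i18n/<lang>/ with an attacker-controlled Referer.

    Returns (status, location, verdict). Network call; not exercised by the offline test.
    """
    url = base_url.rstrip("/") + f"/core/i18n/{lang}/"
    req = urllib.request.Request(url, headers={
        "Referer": attacker_origin.rstrip("/") + "/phish",   # constructed, attacker-controlled
        "User-Agent": "cve-2025-58044-check",                  # assumed UA; change freely
    })
    opener = urllib.request.build_opener(_NoRedirect())
    try:
        with opener.open(req, timeout=timeout) as resp:
            status, location = resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        # With redirects not followed, urllib surfaces 3xx responses as HTTPError.
        status, location = err.code, err.headers.get("Location")
    verdict = classify(status, location, urlsplit(attacker_origin).hostname or "")
    return status, location, verdict


if __name__ == "__main__":
    import sys
    status, location, verdict = probe_i18n_redirect(sys.argv[1])
    print(f"status={status} location={location!r} verdict={verdict}")
```

Run it as python3 check.py https://jump.example (your JumpServer base URL). A "vulnerable" verdict before the update and "redirect_elsewhere" or "no_redirect" afterwards is the before/after pair the verification steps ask for.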
📡 Detection & Monitoring
Log Indicators:
- 302 responses from the /core/i18n/ endpoint whose Referer host is not your own JumpServer hostname (a 302 by itself is normal: every language switch from the UI produces one)
- Bursts of such requests from a single source IP, or the same external Referer host appearing across many different users
Network Indicators:
- HTTP requests to /core/i18n/ carrying a Referer from an external domain
- Unexpected redirects from JumpServer to external domains
SIEM Query:
source="jumpserver" url_path="/core/i18n/*" http_status=302 NOT referer="*<your-jumpserver-host>*" | stats count by src_ip, referer
(pseudo-query in Splunk-style syntax; adapt the field names to your log schema and substitute your own hostname in the exclusion)
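An added detection example, not from the page or the vendor, that applies the log indicators above to access logs from a reverse proxy in front of JumpServer. It parses constructed nginx combined-format lines (hostnames and addresses are invented), keeps only redirect responses from /core/i18n/, and counts those whose Referer host is not one of the deployment's own hostnames, keyed by source IP and Referer host, which is the same grouping as the SIEM query. Adjust LOG_RE if your log_format differs. A plain nginx log does not record the response's Location header; add $sent_http_location to log_format if you want direct evidence of where users were sent.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# nginx "combined" format:
#   remote_addr - remote_user [time_local] "request" status bytes "referer" "user_agent"
LOG_RE = re.compile(
    r'^(?P<src_ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
REDIRECT_CODES = {"301", "302", "303", "307", "308"}
I18N_PREFIX = "/core/i18n/"

# Constructed sample lines for this example (jump.example is the assumed legitimate host,
# evil.example the attacker's; the IPs are documentation ranges).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Sep/2025:10:01:02 +0000] "GET /core/i18n/en/ HTTP/1.1" 302 0 "https://jump.example/ui/" "Mozilla/5.0"
203.0.113.7 - - [12/Sep/2025:10:01:09 +0000] "GET /core/i18n/zh/ HTTP/1.1" 302 0 "https://evil.example/login" "Mozilla/5.0"
203.0.113.7 - - [12/Sep/2025:10:01:11 +0000] "GET /core/i18n/en/ HTTP/1.1" 302 0 "https://evil.example/login" "Mozilla/5.0"
10.0.0.8 - - [12/Sep/2025:10:02:00 +0000] "GET /core/i18n/en/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Sep/2025:10:02:30 +0000] "GET /api/v1/users/ HTTP/1.1" 200 512 "https://evil.example/" "Mozilla/5.0"
"""


def referer_host(referer):
    """Lower-cased host of a Referer value, or None when absent ('-') or host-less."""
    if not referer or referer == "-":
        return None
    return (urlsplit(referer).hostname or "").lower() or None


def find_external_referer_redirects(lines, own_hosts):
    """Map (src_ip, external_referer_host) -> count of redirects from /core/i18n/."""
    own = {h.lower() for h in own_hosts}
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than fail on a malformed line
        if not m["path"].startswith(I18N_PREFIX) or m["status"] not in REDIRECT_CODES:
            continue
        host = referer_host(m["referer"])
        if host is None or host in own:
            continue  # ordinary language switch from our own UI, or no Referer at all
        hits[(m["src_ip"], host)] += 1
    return dict(hits)


if __name__ == "__main__":
    found = find_external_referer_redirects(SAMPLE_LOG.splitlines(), {"jump.example"})
    for (ip, host), n in sorted(found.items()):
        print(f"{ip} -> redirected towards {host} ({n} request(s))")
```

On the sample, only the two requests from 203.0.113.7 with an evil.example Referer are reported; the language switch from the deployment's own UI, the request with no Referer, and the unrelated /api/v1/ request with an external Referer are all filtered out, which is what keeps this rule quiet after patching, when the endpoint still answers 302 on every language change.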