CVE-2025-58044 PoC — JumpServer 输入验证错误漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-58044.yaml

Associated Vulnerability

Title:JumpServer 输入验证错误漏洞 (CVE-2025-58044)
Description:JumpServer是中国杭州飞致云信息科技（JumpServer）公司的一款开源堡垒机。 JumpServer v3.10.19之前版本和v4.10.5之前版本存在输入验证错误漏洞，该漏洞源于/core/i18n//端点未正确验证Referer标头，可能导致开放重定向漏洞。

Description

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability.

File Snapshot


 id: CVE-2025-58044

info:
  name: JumpServer - Open Redirect via Referer Header
  author: DhiyaneshD

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!