- Description
- JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sending crafted messages to the /ws/ldap/ WebSocket endpoint, bypassing authorization checks and potentially exposing LDAP credentials or causing unintended sync operations. This vulnerability is fixed in v3.10.21-lts and v4.10.12-lts.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- jumpserver
CVSS 3.1
- Type
- Secondary
- Base score
- 7.1
- Impact score
- 4.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
- Severity
- HIGH
- security-advisories@github.com
- CWE-863
- Hype score
- Not currently trending
CVE-2025-62795 LDAP Configuration Test Bypass in JumpServer Versions Prior to 3.10.21-lts and 4.10.12-lts https://t.co/gIk6BmjSU7
@VulmonFeeds
30 Oct 2025
101 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-62795 JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticat… https://t.co/d9RLpOwIDf
@CVEnew
30 Oct 2025
159 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0D5F68-C04D-4090-B520-BC123E079B67",
"versionEndExcluding": "3.10.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A27A2C67-F249-4095-A9F8-20673685125B",
"versionEndExcluding": "4.10.12",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]