CVE-2025-62795

High CVSS: 7.1

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sending crafted messages to the /ws/ldap/ WebSocket endpoint, bypassing authorization checks and potentially exposing LDAP credentials or causing unintended sync operations. This vulnerability is fixed in v3.10.21-lts and v4.10.12-lts.

Vendor

Fit2cloud

Product

Jumpserver

CWE

CWE-863

Yayın Tarihi

2025-10-30 17:15:39

Güncelleme

2025-11-12 15:26:50

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-863 Jumpserver HIGH Fit2cloud 2025

Referanslar

https://github.com/jumpserver/jumpserver/security/advisories/GHSA-7893-256g-m822 https://github.com/jumpserver/jumpserver/security/advisories/GHSA-7893-256g-m822

Benzer Kayıtlar

High

CVE-2026-32949

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Se…

High

CVE-2026-32950

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a cr…

High

CVE-2026-32622

SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a S…

Medium

CVE-2026-31798

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts,…

Medium

CVE-2026-31864

JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template…

Medium

CVE-2025-15598

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend…