CVSS Vector (NVD)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (NVD)
Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in LoginFormHandler._redirect_safe(), which allows redirects to arbitrary external domains via values such as ///example.com. An attacker can use a crafted login URL to redirect users to a malicious site and facilitate phishing attacks. This issue is fixed in version 2.18.0.
Analysis (AI)
Open redirect vulnerability in Jupyter Server through version 2.17.0 allows unauthenticated remote attackers to redirect users to arbitrary external domains via an insufficiently validated 'next' query parameter in the login flow, enabling phishing attacks. User interaction (opening a crafted login link) is required. The vulnerability is fixed in version 2.18.0.
Technical Context (AI)
Jupyter Server is the backend runtime for Jupyter web applications, providing the HTTP server and API layer for notebook interfaces. The vulnerability is in LoginFormHandler._redirect_safe(), which validates the 'next' query parameter used for the post-login redirect. The check does not reliably distinguish a same-site relative path from a value such as ///example.com. On the server side a URL parser sees no authority component in that value (three leading slashes do not form the '//host' syntax, so it looks like the path '/example.com'), while a browser following the WHATWG URL parsing rules ignores the extra leading slashes and resolves the Location header as the scheme-relative URL //example.com, i.e. https://example.com/. Note that ///example.com is therefore not strictly a protocol-relative URL (that would be //example.com); the extra slash is exactly what lets it slip past a check that only looks for a host part. The result is a classic CWE-601 (URL Redirection to Untrusted Site) flaw: validation of the redirect target is bypassed, and an attacker who gets a user to open a crafted /login?next=... link can send that user to a site of the attacker's choosing after login.
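The following is an added example written for this page, not jupyter_server's own LoginFormHandler._redirect_safe(). It models the general check pattern described above (refuse a target that carries a scheme or authority, then require the path to sit under base_url), shows why '///example.com' passes such a check while a browser still lands on example.com, and gives a hardened variant of the kind an upstream proxy or a patched handler would want. All function names, the default base_url of '/' and the sample targets are assumptions made for the example.

```python
"""Added example: why '///example.com' defeats a netloc-based redirect check.

Illustrative code for this page, not jupyter_server's implementation. It
assumes the general check pattern the advisory describes and shows the
server-parser/browser mismatch behind the open redirect. Function names and
sample inputs are hypothetical.
"""
import re
from typing import Optional
from urllib.parse import urlparse


def naive_redirect_check(url: str, base_url: str = "/") -> bool:
    """Vulnerable-style check: trusts urlparse() to spot an external target.

    urlparse() only recognises an authority after exactly two leading
    slashes, so '///example.com' parses as netloc='' and path='/example.com',
    which starts with the (assumed) base_url '/'. The check returns True.
    """
    parsed = urlparse(url)
    if parsed.scheme or parsed.netloc:
        return False
    return (parsed.path + "/").startswith(base_url)


def browser_resolves_to_external(url: str) -> bool:
    """Approximates the WHATWG URL parser for a Location header value.

    For special schemes (http/https) a relative reference that starts with
    two or more '/' or '\\' characters enters the 'special authority ignore
    slashes' state: the extra slashes are dropped and what follows is read
    as a host. So '///example.com' and '/\\example.com' both land on
    example.com.
    """
    stripped = re.sub(r"^[/\\]+", "", url)
    leading_slashes = len(url) - len(stripped)
    return leading_slashes >= 2 and stripped != ""


def safe_redirect_target(url: str, base_url: str = "/",
                         default: Optional[str] = None) -> str:
    """Hardened check: allow only a same-site absolute path under base_url.

    Returns url when it is acceptable, otherwise `default` (base_url if not
    given). base_url is assumed to end with '/', as Jupyter's does.
    """
    if default is None:
        default = base_url
    # Tabs and newlines are stripped by browsers and by newer urlparse()
    # versions, so '/\t/example.com' would silently become '//example.com'.
    if not url or any(c in url for c in "\t\r\n") or url != url.strip():
        return default
    parsed = urlparse(url)
    if parsed.scheme or parsed.netloc:
        return default
    # Two or more leading slashes/backslashes are scheme-relative to a
    # browser regardless of what urlparse() reports; backslashes anywhere
    # are refused too, since some browsers fold them into '/'.
    if re.match(r"^[/\\]{2,}", url) or "\\" in url:
        return default
    if not url.startswith("/"):
        return default
    if not (parsed.path + "/").startswith(base_url):
        return default
    return url


if __name__ == "__main__":
    # Constructed sample targets, not taken from any real request log.
    for target in ["/user/lab/tree", "///example.com", "//example.com",
                   "/\\example.com", "https://example.com", "/\t/example.com"]:
        print(f"{target!r:22} naive={naive_redirect_check(target)!s:5} "
              f"browser_external={browser_resolves_to_external(target)!s:5} "
              f"hardened={safe_redirect_target(target)!r}")
```

Running the block prints one row per sample target; the row for '///example.com' is the vulnerability in miniature: the naive check accepts it, the browser approximation reports it as external, and the hardened check falls back to base_url. The same mismatch shows up for the backslash and embedded-tab variants, which is why the hardened version refuses those outright rather than trying to normalise them.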
Remediation (AI)
Upgrade Jupyter Server to version 2.18.0 or later, which fixes the validation in LoginFormHandler._redirect_safe(). No configuration-level fix or workaround patch is documented, so upgrading is the primary remediation. Until the upgrade is applied, organizations can reduce exposure by restricting access to the Jupyter Server login endpoint (/login) to trusted networks, or by placing an authenticating reverse proxy in front of the server that validates or strips the 'next' parameter before the request reaches Jupyter, rejecting any value that is not an absolute path under the configured base_url (in particular anything beginning with two or more slashes or backslashes). Warn users not to follow login links from untrusted sources. Security headers such as X-Frame-Options and Content-Security-Policy set by the Jupyter Server do not mitigate this issue: once the browser has followed the redirect it is on the attacker's domain, where headers from the Jupyter origin no longer apply.
EUVD-2025-209644
GHSA-qh7q-6qm3-653w