Skip to main content

Jupyter Server EUVDEUVD-2025-209644

| CVE-2025-61669 MEDIUM
URL Redirection to Untrusted Site (Open Redirect) (CWE-601)
2026-05-05 GitHub_M GHSA-qh7q-6qm3-653w
6.3
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
MEDIUM
qualitative
Red Hat
6.1 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

2
Analysis Generated
May 05, 2026 - 16:32 vuln.today
CVSS changed
May 05, 2026 - 16:22 NVD
6.3 (MEDIUM)

DescriptionGitHub Advisory

Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in LoginFormHandler._redirect_safe(), which allows redirects to arbitrary external domains via values such as ///example.com. An attacker can use a crafted login URL to redirect users to a malicious site and facilitate phishing attacks. This issue is fixed in version 2.18.0.

AnalysisAI

Open redirect vulnerability in Jupyter Server through version 2.17.0 allows unauthenticated remote attackers to redirect users to arbitrary external domains via insufficiently validated next query parameters in the login flow, enabling phishing attacks. User interaction (clicking a crafted login link) is required. The vulnerability is fixed in version 2.18.0.

Technical ContextAI

Jupyter Server is the backend runtime for Jupyter web applications, providing the HTTP server and API layer for notebook interfaces. The vulnerability exists in the LoginFormHandler._redirect_safe() function, which validates the 'next' query parameter used in post-login redirects. The validation logic fails to properly distinguish between legitimate relative redirects and open redirect payloads using protocol-relative URLs (e.g., ///example.com), which browsers interpret as absolute external URLs. This is a classic CWE-601 (URL Redirection to Untrusted Site) flaw where insufficient input sanitization on redirect targets allows attackers to bypass domain restrictions.

RemediationAI

Upgrade Jupyter Server to version 2.18.0 or later, which includes validation fixes to the LoginFormHandler._redirect_safe() method. Organizations unable to upgrade immediately should implement network controls to restrict access to the Jupyter Server login endpoint (/login) to trusted networks or require authentication proxies that validate redirect targets upstream. Additionally, educate users not to click login links from untrusted sources and consider using security headers such as X-Frame-Options and Content-Security-Policy to mitigate phishing effectiveness if users are redirected to malicious sites. No workaround patches or configuration-level fixes are documented; upgrading is the primary remediation.

CVE-2017-1000117 HIGH POC
8.8 Oct 05

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL ca

CVE-2024-52875 HIGH POC
8.8 Jan 31

GFI Kerio Control versions 9.2.5 through 9.4.5 contain an HTTP response splitting vulnerability in the dest parameter of

CVE-2016-5385 HIGH POC
8.1 Jul 19

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect

CVE-2013-2248 MEDIUM POC
5.8 Jul 20

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to

CVE-2012-6499 MEDIUM POC
5.8 Jan 12

Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows

CVE-2015-2863 MEDIUM POC
4.3 Jul 20

Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 b

CVE-2017-3528 MEDIUM POC
5.4 Apr 24

Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (li

CVE-2012-0518 MEDIUM
4.7 Oct 16

Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3

CVE-2024-21641 MEDIUM POC
6.5 Jan 05

Flarum is open source discussion platform software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exp

CVE-2015-5354 MEDIUM POC
5.8 Jul 01

Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites

CVE-2015-5461 MEDIUM POC
6.4 Jul 08

Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for

CVE-2024-22891 CRITICAL POC
9.8 Mar 01

Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link. Rated crit

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed

Share

EUVD-2025-209644 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy