CVE-2025-27095

EUVD-2025-8756

31.03.2025, 16:15

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to 4.8.0 and 3.10.18, an attacker with a low-privileged account can access the Kubernetes session feature and manipulate the kubeconfig file to redirect API requests to an external server controlled by the attacker. This allows the attacker to intercept and capture the Kubernetes cluster token. This can potentially allow unauthorized access to the cluster and compromise its security. This vulnerability is fixed in 4.8.0 and 3.10.18.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
GitHub_M	CNA	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 45%

Affected Products (NVD)

Vendor	Product	Version
fit2cloud	jumpserver	𝑥 < 3.10.18
fit2cloud	jumpserver	4.0.0 ≤ 𝑥 < 4.8.0

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/jumpserver/jumpserver/security/advisories/GHSA-5q9w-f4wh-f535

Common Weakness Enumeration

CWE-266 - Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References

https://github.com/jumpserver/jumpserver/security/advisories/GHSA-5q9w-f4wh-f535