#VU117916 Incorrect authorization in JumpServer - CVE-2025-62795


Published: November 3, 2025


Vulnerability identifier: #VU117916
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-62795
CWE-ID: CWE-863
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: JumpServer
Software vendor: JumpServer

Description

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to incorrect authorization checks. A remote user with low privileges can send specially crafted messages that invoke LDAP configuration tests and start LDAP synchronization, leading to exposure of LDAP credentials or unintended synchronization operations.
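The pattern behind CWE-863 here, as an added illustration that is not JumpServer's code: a message dispatcher that runs the LDAP test and sync handlers for any authenticated caller, beside one that authorizes the specific action first and keeps the bind password out of the test result. The message names, the permission string and the handlers are assumptions; the page does not give the real identifiers.

```python
from dataclasses import dataclass, field

# Assumed message names and permission string (not from the advisory).
PRIVILEGED_ACTIONS = {
    "ldap_test": "settings.change_ldap",
    "ldap_sync": "settings.change_ldap",
}


class AuthorizationError(Exception):
    """Raised when the caller lacks the permission an action requires."""


@dataclass
class User:
    name: str
    permissions: set = field(default_factory=set)


@dataclass
class LdapConfig:
    server_uri: str
    bind_dn: str
    bind_password: str  # the secret an unauthorized test could expose


def run_ldap_test(cfg: LdapConfig) -> dict:
    # Constructed stand-in for a bind attempt: report status, never the password.
    return {"action": "ldap_test", "server": cfg.server_uri,
            "bind_dn": cfg.bind_dn, "ok": True}


def run_ldap_sync(cfg: LdapConfig) -> dict:
    # Constructed stand-in for a directory import.
    return {"action": "ldap_sync", "imported": 0}


HANDLERS = {"ldap_test": run_ldap_test, "ldap_sync": run_ldap_sync}


def dispatch_vulnerable(user: User, msg: dict, cfg: LdapConfig) -> dict:
    # Authenticated, but the privilege the action needs is never checked (CWE-863).
    return HANDLERS[msg["type"]](cfg)


def is_authorized(user: User, action: str) -> bool:
    return PRIVILEGED_ACTIONS.get(action) in user.permissions


def dispatch_fixed(user: User, msg: dict, cfg: LdapConfig) -> dict:
    # Authorize the specific action before any side effect or secret-bearing code runs.
    action = msg.get("type")
    if action not in HANDLERS:
        raise ValueError(f"unknown action: {action!r}")
    if not is_authorized(user, action):
        # Denied attempts are worth logging; repeated ones are a detection signal.
        raise AuthorizationError(f"{user.name} may not perform {action}")
    return HANDLERS[action](cfg)
```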


Remediation

Install updates from the vendor's website.

External links