JumpServer

JumpServer Connection Token Improper Authentication Vulnerability (CVE-2025-62712) Notice

November 7, 2025

Overview

Recently, NSFOCUS CERT detected that JumpServer issued a security bulletin to fix the JumpServer connection token improper authentication vulnerability (CVE-2025-62712). Due to improper authentication of JumpServer’s /api/v1/authentication/super-connection-token/hyper-connected endpoint, attackers with low-privilege accounts can obtain the connection tokens of all system users and connect to managed assets as them, thereby achieving unauthorized access and privilege […]

JumpServer Remote Code Execution Vulnerability (CVE-2024-29201/CVE-2024-29202) Notice

April 3, 2024

Overview

Recently, NSFOCUS CERT detected that JumpServer issued a security announcement and fixed two remote code execution vulnerabilities. At present, the PoC of the vulnerability has been made public. Affected users should take protective measures as soon as possible.

CVE-2024-29201: Since the Ansible module in JumpServer does not perform complete input verification, attackers with low-privilege […]

JumpServer Remote Command Execution Vulnerability Threat Alert

January 21, 2021

Overview

On January 15, 2021, Beijing time, JumpServer released an emergency bulletin to announce a remote command execution vulnerability in its bastion host and advised users to fix it as soon as possible, especially those whose JumpServer can be accessed via the Internet.
