CVE-2025-27095 MEDIUM

CVE-2025-27095: JumpServer has a Kubernetes Token Leak Vulnerability

Vendor Jumpserver
Product jumpserver
Weakness CWE-266
Published March 31, 2025
Last update March 31, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to 4.8.0 and 3.10.18, an attacker with a low-privileged account can access the Kubernetes session feature and manipulate the kubeconfig file to redirect API requests to an external server controlled by the attacker. This allows the attacker to intercept and capture the Kubernetes cluster token. This can potentially allow unauthorized access to the cluster and compromise its security. This vulnerability is fixed in 4.8.0 and 3.10.18.

Key dates

02Disclosure timeline

March 31, 2025 CVE published
March 31, 2025 Record updated