CVE-2025-62712 CRITICAL

CVE-2025-62712: JumpServer Connection Token Leak Vulnerability

Vendor Jumpserver
Product jumpserver
Weakness CWE-862 · Missing authorization
Published October 30, 2025
Last update October 31, 2025
View on NVD All CVEs

CVSS base score

9.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, non-privileged user can retrieve connection tokens belonging to other users via the super-connection API endpoint (/api/v1/authentication/super-connection-token/). When accessed from a web browser, this endpoint returns connection tokens created by all users instead of restricting results to tokens owned by or authorized for the requester. An attacker who obtains these tokens can use them to initiate connections to managed assets on behalf of the original token owners, resulting in unauthorized access and privilege escalation across sensitive systems. This vulnerability is fixed in v3.10.20-lts and v4.10.11-lts.

Key dates

02Disclosure timeline

October 30, 2025 CVE published
October 31, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-67958 WordPress TaxCloud for WooCommerce plugin <= 8.3.8 - Broken Access Control vulnerability CVE-2025-59001 WordPress Salient Core plugin <= 3.0.8 - Broken Access Control vulnerability CVE-2024-3626 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization CVE-2025-31739 WordPress Minimalistic Event Manager plugin <= 1.1.1 - Broken Access Control vulnerability CVE-2024-1123 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Arbitrary Post Overwrite