Redirect Vulnerability in Jupyter Server by Project Jupyter
CVE-2025-61669
6.3 MEDIUM
What is CVE-2025-61669?
In Jupyter Server versions through 2.17.0, the "next" query parameter in the login flow is not sufficiently validated before it is used as the redirect target. An attacker can manipulate a login URL so that it redirects to an arbitrary external domain. This can lead users to malicious sites and significantly increases the risk of phishing attacks. The issue has been mitigated in version 2.18.0, so affected deployments should be updated.
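The kind of check the login flow needs on the "next" value, as an added example (not Jupyter Server's code or its 2.18.0 patch): accept only same-origin absolute paths and fall back to a default otherwise. The function names, DEFAULT_URL and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

DEFAULT_URL = "/"  # assumed post-login landing path (hypothetical)


def is_local_path(target: str) -> bool:
    """Return True only if target is a same-origin absolute path."""
    # Browsers drop tab/CR/LF and treat "\" as "/", so reject control
    # characters and normalise backslashes before inspecting the value.
    if not target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    normalized = target.replace("\\", "/")
    # Must be "/path", never "//host" (protocol-relative) or "scheme:...".
    if not normalized.startswith("/") or normalized.startswith("//"):
        return False
    try:
        parts = urlsplit(normalized)
    except ValueError:  # defensive: urlsplit rejects some malformed input
        return False
    # Belt and braces: nothing that parses with a scheme or host is local.
    return not parts.scheme and not parts.netloc


def post_login_redirect(login_url: str, default: str = DEFAULT_URL) -> str:
    """Pick the redirect target for a login request URL."""
    query = parse_qs(urlsplit(login_url).query)
    target = query.get("next", [""])[0]
    return target if is_local_path(target) else default


# Constructed sample login URLs (not taken from the advisory).
SAMPLES = [
    "/login?next=%2Flab%2Ftree%2Fdemo.ipynb",         # local path: allowed
    "/login?next=https%3A%2F%2Fattacker.example%2F",  # absolute URL
    "/login?next=%2F%2Fattacker.example%2F",          # protocol-relative
    "/login?next=%2F%5Cattacker.example",             # "/\" read as "//"
    "/login",                                         # no next parameter
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url!r:55} -> {post_login_redirect(url)!r}")
```

Only the first sample keeps its requested target; every other one falls back to DEFAULT_URL.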
Affected Version(s)
jupyter_server <= 2.17.0
