CVE-2025-62795 | JumpServer up to 3.10.20-lts/4.10.11-lts WebSocket Endpoint /ws/ldap/ authorization (GHSA-7893-256)

Inserito da Angelo Barbosa | Ott 30, 2025 | CVE

A vulnerability labeled as critical has been found in JumpServer up to 3.10.20-lts/4.10.11-lts. Affected by this issue is some unknown functionality of the file /ws/ldap/ of the component WebSocket Endpoint. The manipulation results in incorrect authorization.

This vulnerability is identified as CVE-2025-62795. The attack can be executed remotely. There is not any exploit available.

The affected component should be upgraded.

CVE-2025-62795 | JumpServer up to 3.10.20-lts/4.10.11-lts WebSocket Endpoint /ws/ldap/ authorization (GHSA-7893-256)

Post correlati

CVE-2025-52584 | Ashlar-Vellum Cobalt/Xenon/Argon/Lithium/Cobalt Share prior 12.6.1204.204 XE File Parser heap-based overflow (icsa-25-224-01)

CVE-2024-54438 | Gaxx Keywords Plugin up to 0.2 on WordPress cross-site request forgery

CVE-2023-52337 | Trend Micro Deep Security access control

CVE-2024-25355 | s3-url-parser 1.0.3 Regex denial of service