CVE-2025-62795 – JumpServer Unauthorized LDAP Configuration Access via WebSocket

CVE ID : CVE-2025-62795

Published : Oct. 30, 2025, 4:56 p.m. | 30 minutes ago

Description : JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sending crafted messages to the /ws/ldap/ WebSocket endpoint, bypassing authorization checks and potentially exposing LDAP credentials or causing unintended sync operations. This vulnerability is fixed in v3.10.21-lts and v4.10.12-lts.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…