Vulnerability Description
Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._redirect_safe()`, which allows redirects to arbitrary external domains via values such as `///example.com`. An attacker can use a crafted login URL to redirect users to a malicious site and facilitate phishing attacks. This issue is fixed in version 2.18.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jupyter | Jupyter Server | < 2.18.0 |
Related Weaknesses (CWE)
References
- https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6ExploitVendor Advisory
- https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6ExploitVendor Advisory
FAQ
What is CVE-2025-61669?
CVE-2025-61669 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._redi...
How severe is CVE-2025-61669?
CVE-2025-61669 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-61669?
Check the references section above for vendor advisories and patch information. Affected products include: Jupyter Jupyter Server.