CVE-2025-61669
mediumCVSS v3 Base Score
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 99% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
Low
Integrity
Low
Availability
None
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in Jupyter Server. The login flow's `next` query parameter is insufficiently validated, allowing redirects to arbitrary external domains. A remote attacker can exploit this vulnerability by crafting a malicious login URL, which could redirect users to a harmful website and facilitate phishing attacks.
CWE
CWE-601Affected Products
Migration Toolkit for Applications 8Red Hat OpenShift AI (RHOAI)