CVE-2025-61669 Overview
CVE-2025-61669 is an open redirect vulnerability in Jupyter Server, the backend powering Jupyter web applications. The flaw resides in the LoginFormHandler._redirect_safe() function, which insufficiently validates the next query parameter during the login flow. An attacker can craft a login URL containing values such as ///example.com to redirect authenticated users to arbitrary external domains. This behavior facilitates phishing campaigns by abusing the trust users place in legitimate Jupyter Server URLs. The issue affects jupyter_server versions through 2.17.0 and is resolved in version 2.18.0. The vulnerability is classified under CWE-601: URL Redirection to Untrusted Site.
Critical Impact
Attackers can leverage trusted Jupyter Server login URLs to redirect users to malicious phishing sites, harvesting credentials or delivering malware under the guise of a legitimate scientific computing platform.
Affected Products
- Jupyter Server versions through 2.17.0
- Jupyter web applications relying on jupyter_server for authentication
- Deployments using LoginFormHandler for browser-based login flows
Discovery Timeline
- 2026-05-05 - CVE-2025-61669 published to NVD
- 2026-05-07 - Last updated in NVD database
Technical Details for CVE-2025-61669
Vulnerability Analysis
The vulnerability stems from improper validation of user-supplied redirect targets in the Jupyter Server login workflow. When a user authenticates, the next query parameter specifies the post-login destination URL. The LoginFormHandler._redirect_safe() method is intended to restrict redirects to same-origin paths but fails to correctly handle URLs beginning with multiple forward slashes. Inputs such as ///example.com bypass the validation logic and are interpreted by browsers as protocol-relative URLs pointing to external domains. This produces an open redirect that operates entirely within the legitimate Jupyter Server hostname before silently directing the victim elsewhere.
Root Cause
The root cause is incomplete URL parsing in _redirect_safe(). The validation does not normalize leading slash sequences before checking whether the target host matches the server origin. Browsers treat ///example.com and //example.com as scheme-relative URLs, but the server-side check evaluates the value as a local path. This parser differential between server validation and browser interpretation produces the redirect bypass.
Attack Vector
The attack requires user interaction. An attacker crafts a login URL such as https://trusted-jupyter.example.org/login?next=///attacker.tld and delivers it through email, chat, or compromised pages. The victim sees a legitimate hostname and authenticates as expected. After successful login, Jupyter Server redirects the browser to the attacker-controlled domain, which can mimic the Jupyter interface to harvest credentials, prompt malicious downloads, or trigger token theft. Because the redirect occurs post-authentication, the attacker can also use the redirect to expose session-bound URL fragments or referrer data to the malicious host.
No verified public exploit code is available. See the GitHub Security Advisory GHSA-qh7q-6qm3-653w for upstream technical details.
Detection Methods for CVE-2025-61669
Indicators of Compromise
- Web server access logs containing /login requests with a next parameter that begins with multiple forward slashes, backslashes, or includes external hostnames.
- HTTP 302 responses from Jupyter Server to off-domain Location headers immediately after successful authentication events.
- Phishing reports from users referencing Jupyter Server login URLs that ultimately delivered them to unfamiliar domains.
Detection Strategies
- Parse Jupyter Server access logs for next= query parameters and flag values containing //, ///, \\, or absolute URLs to external hosts.
- Correlate authentication success events with subsequent outbound redirects and alert when the redirect target does not match the expected Jupyter origin.
- Inspect proxy and CDN telemetry for referrer chains that begin on legitimate Jupyter hosts and terminate on newly registered or low-reputation domains.
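The following Python is an added example serving both the Root Cause section and the Detection Strategies list above; it is not jupyter_server's code and does not reproduce the project's real _redirect_safe(). The naive check is a constructed illustration of the class of check the advisory describes (one that trusts urllib's urlsplit(), which reads ///example.com as an empty netloc plus a local path), the browser-side host resolution follows the WHATWG rule that collapses leading slashes and backslashes into an authority marker, and the access-log lines are made up. The hardened check and the log scanner that reuses it show how a practitioner would flag next= values that would leave the origin, including percent-encoded and backslash variants, which goes slightly beyond the single ///example.com case in the text.

```python
"""Same-origin redirect checks and an access-log scan for the CVE-2025-61669 pattern.

Constructed illustration: none of this is jupyter_server's own code, and the
sample log lines below are made up.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*:")
_LEADING_SLASHES = re.compile(r"^[/\\]{2,}")


def naive_same_origin_check(target: str) -> bool:
    """The shape of check the advisory calls insufficient (constructed, not the
    project's code): it trusts urlsplit(), which reads '///example.com' as an
    empty netloc followed by the local path '/example.com'."""
    parts = urlsplit(target)
    return parts.scheme == "" and parts.netloc == ""


def browser_target_host(target: str) -> Optional[str]:
    """Host a browser would navigate to when resolving target against an http(s)
    page, or None when the target stays on the current origin.

    The WHATWG URL parser collapses any run of '/' and '\\' at the start of a
    relative input into the '//' that introduces an authority, so
    '///example.com' and '/\\example.com' both resolve to https://example.com/.
    """
    t = unquote(target)
    if _SCHEME.match(t):
        return (urlsplit(t).hostname or "").lower()
    m = _LEADING_SLASHES.match(t)
    if not m:
        return None
    authority = re.split(r"[/\\?#]", t[m.end():], maxsplit=1)[0]
    return authority.rsplit("@", 1)[-1].split(":")[0].lower()


def is_safe_redirect(target: str) -> bool:
    """Hardened check: accept only absolute same-origin paths such as '/tree'
    or '/lab?path=x'. Percent-decode first so '%2F%2Fhost' is not let through,
    then reject anything a browser would read as a scheme or an authority."""
    t = unquote(target)
    if not t.startswith("/"):
        return False                      # relative paths and 'scheme:' forms
    if len(t) > 1 and t[1] in "/\\":
        return False                      # '//host', '///host', '/\\host'
    return browser_target_host(t) is None


# Constructed access-log lines in the common combined format.
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - [05/May/2026:10:00:01 +0000] "GET /login?next=/tree HTTP/1.1" 200 512',
    '10.0.0.9 - - [05/May/2026:10:00:07 +0000] "GET /login?next=///example.com HTTP/1.1" 200 512',
    '10.0.0.9 - - [05/May/2026:10:00:15 +0000] "POST /login?next=%2F%2F%2Fexample.com HTTP/1.1" 302 0',
    '10.0.0.7 - - [05/May/2026:10:01:02 +0000] "GET /user/alice/login?next=/%5Cexample.com HTTP/1.1" 200 512',
    '10.0.0.7 - - [05/May/2026:10:01:09 +0000] "GET /lab/tree/notes.ipynb HTTP/1.1" 200 9001',
]

_REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def suspicious_login_redirects(log_lines) -> List[Tuple[str, Optional[str]]]:
    """Return (next_value, browser_host) for every /login request whose next
    parameter would carry the browser off the Jupyter origin. The path test
    uses endswith() so JupyterHub base_url prefixes like /user/alice are kept."""
    hits = []
    for line in log_lines:
        m = _REQUEST.search(line)
        if not m:
            continue
        req = urlsplit(m["target"])
        if not req.path.endswith("/login"):
            continue
        for nxt in parse_qs(req.query).get("next", []):   # parse_qs percent-decodes
            if not is_safe_redirect(nxt):
                hits.append((nxt, browser_target_host(nxt)))
    return hits


if __name__ == "__main__":
    for probe in ("/tree", "//example.com", "///example.com", "/\\example.com"):
        print(f"{probe!r:20} naive={naive_same_origin_check(probe)!s:5} "
              f"hardened={is_safe_redirect(probe)!s:5} browser_host={browser_target_host(probe)}")
    for nxt, host in suspicious_login_redirects(SAMPLE_ACCESS_LOG):
        print("suspicious next:", repr(nxt), "->", host)
```

Running the module prints the naive and hardened verdicts side by side for each probe, which makes the parser differential visible: the naive check passes ///example.com and /\example.com while the browser resolves both to example.com. In a real pipeline the scanner would be fed from the proxy or Jupyter access log rather than the constructed list, and a hit should be correlated with a following 302 to an off-origin Location header, as the indicators above describe.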
Monitoring Recommendations
- Enable verbose logging on Jupyter Server front-end proxies and forward logs to a centralized analytics platform for query-level inspection.
- Track the version of jupyter_server deployed across notebook environments and alert when instances at or below 2.17.0 are observed.
- Monitor user-reported phishing incidents and pivot on the originating URL parameters to identify abuse of vulnerable Jupyter deployments.
How to Mitigate CVE-2025-61669
Immediate Actions Required
- Upgrade jupyter_server to version 2.18.0 or later across all notebook hosts, JupyterHub deployments, and derivative distributions.
- Inventory all Jupyter Server installations, including those embedded in data science platforms and container images, to confirm patched versions.
- Notify users of the phishing risk and reinforce verification of post-login destinations until patching is complete.
Patch Information
The Jupyter Server maintainers fixed the issue in version 2.18.0 by tightening URL validation in LoginFormHandler._redirect_safe(). Refer to the GitHub Security Advisory GHSA-qh7q-6qm3-653w for the upstream fix and release notes. Administrators using package managers should pin jupyter_server>=2.18.0 in dependency manifests.
Workarounds
- Place Jupyter Server behind a reverse proxy that strips or sanitizes the next query parameter on /login requests when an upgrade cannot be performed immediately.
- Configure web application firewall rules to block login requests where the next parameter contains //, \\, or fully qualified external URLs.
- Restrict Jupyter Server access to authenticated VPN users to reduce exposure of crafted login URLs to untrusted recipients.
# Upgrade jupyter_server to the patched release
pip install --upgrade 'jupyter_server>=2.18.0'
# Verify the installed version
python -c "import jupyter_server; print(jupyter_server.__version__)"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.