PatchSiren cyber security CVE debrief

CVE-2025-61669 Jupyter CVE debrief

CVE-2025-61669 is a medium-severity open redirect issue in Jupyter Server’s login flow. In affected versions through 2.17.0, an attacker can craft a login URL that redirects a user to an external site after authentication, which can be used for phishing and trust abuse. The issue is fixed in Jupyter Server 2.18.0.

Vendor: Jupyter
Product: CVE-2025-61669
CVSS: MEDIUM 6.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-05
Original CVE updated: 2026-05-11
Advisory published: 2026-05-05
Advisory updated: 2026-05-11

Who should care

Administrators, security teams, and users of Jupyter Server instances through 2.17.0 should care, especially where login links are shared directly or users may trust post-login redirects. The risk is higher when Jupyter Server is exposed to broad user populations or reachable from the public internet.

Technical summary

The vulnerability is caused by insufficient validation in `LoginFormHandler._redirect_safe()` for the `next` query parameter in the login flow. Crafted values such as `///example.com` can bypass the intended safety check and redirect users to arbitrary external domains. The supplied NVD record maps the issue to CWE-601 and lists affected Jupyter Server versions as all versions through 2.17.0, with 2.18.0 excluded as fixed.

Defensive priority

Medium. Prioritize upgrading because the issue is network-reachable and requires only user interaction, but the primary impact is redirect-based phishing rather than direct server compromise.

Recommended defensive actions

  • Upgrade Jupyter Server to 2.18.0 or later.
  • Review any login links or workflows that pass a `next` parameter and ensure users are not relying on untrusted redirect destinations.
  • If immediate upgrading is not possible, reduce exposure of the login endpoint where practical and warn users to verify destinations after authentication.
  • Track the vendor advisory for any additional remediation guidance or follow-up updates.

Evidence notes

The analysis is based on the official NVD record and the linked GitHub Security Advisory. NVD lists the vulnerable CPE as `jupyter:jupyter_server:*` with an upper bound excluded at 2.18.0, and reports CVSS v4.0 vector `AV:N/AC:L/AT:N/PR:N/UI:P/...`. The GitHub advisory reference identifies the issue as an open redirect in the login flow and ties the fix to version 2.18.0.

Official resources

Publicly disclosed in the Jupyter GitHub Security Advisory and reflected in NVD on 2026-05-05; the NVD record was modified on 2026-05-11. The supplied enrichment does not mark this CVE as a KEV item.