CVE-2025-7787

Medium CVSS: 5.3

A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Vendor

Xuxueli

Product

Xxl-job

CWE

CWE-918

Yayın Tarihi

2025-07-18 15:15:31

Güncelleme

2025-09-11 17:16:38

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-918 Xxl-job MEDIUM Xuxueli 2025

Referanslar

https://github.com/xuxueli/xxl-job/issues/3749 https://vuldb.com/?ctiid.316848 https://vuldb.com/?id.316848 https://vuldb.com/?submit.615741 https://github.com/xuxueli/xxl-job/issues/3749

Benzer Kayıtlar

Medium

CVE-2025-60646

A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitr…

Medium

CVE-2025-60645

A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module…

Medium

CVE-2025-9264

A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src…

Medium

CVE-2025-9263

A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByG…

Medium

CVE-2025-7789

A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the fu…

Medium

CVE-2025-7788

A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability…