CVE-2025-7788

Medium CVSS: 5.3

A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability is the function commandJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Vendor

Xuxueli

Product

Xxl-job

CWE

CWE-77

Yayın Tarihi

2025-07-18 15:15:31

Güncelleme

2025-09-11 19:52:04

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-77 Xxl-job MEDIUM Xuxueli 2025

Referanslar

https://github.com/xuxueli/xxl-job/issues/3750 https://vuldb.com/?ctiid.316849 https://vuldb.com/?id.316849 https://vuldb.com/?submit.615758

Benzer Kayıtlar

Medium

CVE-2025-60646

A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitr…

Medium

CVE-2025-60645

A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module…

Medium

CVE-2025-9264

A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src…

Medium

CVE-2025-9263

A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByG…

Medium

CVE-2025-7789

A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the fu…

Medium

CVE-2025-7787

A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function ht…