Xuxueli xxl-job JobLogController.java getJobsByGroup resource injection_CVE-2025-9263

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByGroup of the file /src/main/java/com/xxl/job/admin/controller/JobLogController.java. Such manipulation of the argument jobGroup leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-9263

Source VulDB

Published Aug 20, 2025 at 23:02

Affected Product

Vendor Xuxueli

Product xxl-job

Version 3.1.0

Affected Versions Xuxueli xxl-job 3.1.0
Xuxueli xxl-job 3.1.1

CWE Classification

CWE-99

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByGroup of the file /src/main/java/com/xxl/job/admin/controller/JobLogController.java. Such manipulation of the argument jobGroup leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-08-20T23:02:09.629Z",
    "modified": "2025-08-20T23:02:09.629Z",
    "type": "cve",
    "title": "Xuxueli xxl-job JobLogController.java getJobsByGroup resource injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.320805\nhttps://vuldb.com/?ctiid.320805\nhttps://vuldb.com/?submit.631704\nhttps://github.com/xuxueli/xxl-job/issues/3772\nhttps://github.com/xuxueli/xxl-job/issues/3772#issue-3308329205",
    "id": "CVE-2025-9263",
    "bulletinFamily": "",
    "cwe": [
        "CWE-99"
    ],
    "cvelist": null,
    "sourceData": "Xuxueli xxl-job 3.1.0\nXuxueli xxl-job 3.1.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "xxl-job",
    "version": "3.1.0",
    "vendor": "Xuxueli",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}