quequnlong shiyi-blog Job SysJobController.java deserialization_CVE-2025-12305

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack can be executed remotely. The exploit has been made public and could be used.

Basic Information

ID CVE-2025-12305

Source VulDB

Published Oct 27, 2025 at 18:32

Modified Oct 27, 2025 at 20:34

Affected Product

Vendor quequnlong

Product shiyi-blog

Version 1.2.0

Affected Versions quequnlong shiyi-blog 1.2.0
quequnlong shiyi-blog 1.2.1

CWE Classification

CWE-502 CWE-20

References

{
    "lastseen": "",
    "description": "A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack can be executed remotely. The exploit has been made public and could be used.",
    "published": "2025-10-27T18:32:08.283Z",
    "modified": "2025-10-27T20:34:58.437Z",
    "type": "cve",
    "title": "quequnlong shiyi-blog Job SysJobController.java deserialization",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.329977\nhttps://vuldb.com/?ctiid.329977\nhttps://vuldb.com/?submit.676725\nhttps://vuldb.com/?submit.676730\nhttps://github.com/dongodid/cve-sub/blob/main/shiyi-blog/RCE.md",
    "id": "CVE-2025-12305",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502",
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "quequnlong shiyi-blog 1.2.0\nquequnlong shiyi-blog 1.2.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "shiyi-blog",
    "version": "1.2.0",
    "vendor": "quequnlong",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}