WeiYe-Jing datax-web Job triggerJob access control_CVE-2025-13250

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of the component Job Handler. Performing manipulation results in improper access controls. The attack may be initiated remotely. The exploit is now public and may be used.

Basic Information

ID CVE-2025-13250

Source VulDB

Published Nov 16, 2025 at 12:02

Affected Product

Vendor WeiYe-Jing

Product datax-web

Version 2.1.0

Affected Versions WeiYe-Jing datax-web 2.1.0
WeiYe-Jing datax-web 2.1.1
WeiYe-Jing datax-web 2.1.2

CWE Classification

CWE-284 CWE-266

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of the component Job Handler. Performing manipulation results in improper access controls. The attack may be initiated remotely. The exploit is now public and may be used.",
    "published": "2025-11-16T12:02:05.565Z",
    "modified": "2025-11-16T12:02:05.565Z",
    "type": "cve",
    "title": "WeiYe-Jing datax-web Job triggerJob access control",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.332584\nhttps://vuldb.com/?ctiid.332584\nhttps://vuldb.com/?submit.687604\nhttps://github.com/Xzzz111/exps/blob/main/archives/datax-web-broken-access-control-1/report.md",
    "id": "CVE-2025-13250",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "WeiYe-Jing datax-web 2.1.0\nWeiYe-Jing datax-web 2.1.1\nWeiYe-Jing datax-web 2.1.2",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "datax-web",
    "version": "2.1.0",
    "vendor": "WeiYe-Jing",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}