CVE-2025-7789

Source
https://cve.org/CVERecord?id=CVE-2025-7789
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7789.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-7789
Aliases
Published
2025-07-18T15:14:05.920Z
Modified
2026-07-15T01:49:06.078395635Z
Severity
  • 2.9 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
Xuxueli xxl-job Token Generation IndexController.java makeToken weak password hash
Details

A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insufficient computational effort. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/7xxx/CVE-2025-7789.json",
    "cwe_ids": [
        "CWE-326",
        "CWE-916"
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/xuxueli/xxl-job

Affected ranges

Type
GIT
Repo
https://github.com/xuxueli/xxl-job
Events
Database specific
{
    "cpe": "cpe:2.3:a:xuxueli:xxl-job:*:*:*:*:*:*:*:*",
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "extracted_events": [
        {
            "introduced": "3.1.0"
        },
        {
            "last_affected": "3.1.0"
        },
        {
            "introduced": "3.1.1"
        },
        {
            "last_affected": "3.1.1"
        },
        {
            "introduced": "0"
        }
    ]
}

Affected versions

3.*
3.1.0
3.1.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7789.json"