CVE-2025-7789

Source
https://cve.org/CVERecord?id=CVE-2025-7789
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7789.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-7789
Aliases
Published
2025-07-18T16:15:31.487Z
Modified
2026-05-07T05:41:25.272856339Z
Severity
  • 2.9 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Summary
[none]
Details

A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to the use of a password hash with insufficient computational effort. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

References

Affected packages

Git / github.com/xuxueli/xxl-job

Affected ranges

Type
GIT
Repo
https://github.com/xuxueli/xxl-job
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.1.1"
        }
    ]
}

Affected versions

1.*
1.0.0.0
2.*
2.0.2
2.1.0
2.1.1
2.1.2
2.3.0
2.3.1
2.4.0
2.4.1
2.4.2
2.5.0
3.*
3.0.0
3.1.0
3.1.1
v1.*
v1.3.0
v1.3.1
v1.3.2
v1.4.0
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.6.1
v1.6.2
v1.7.0
v1.7.1
v1.7.2
v1.8.0
v1.8.1
v1.8.2
v1.9.0
v1.9.1
v2.*
v2.0.0
v2.0.1
v2.2.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7789.json"