CVE-2025-9264

Source
https://cve.org/CVERecord?id=CVE-2025-9264
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9264.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-9264
Aliases
Published
2025-08-20T23:32:06.406Z
Modified
2026-07-15T01:49:18.625201146Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
Xuxueli xxl-job Jobs JobInfoController.java remove resource injection
Details

A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource identifiers. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

Database specific
{
    "cwe_ids": [
        "CWE-99"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/9xxx/CVE-2025-9264.json",
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/xuxueli/xxl-job

Affected ranges

Type
GIT
Repo
https://github.com/xuxueli/xxl-job
Events
Database specific
{
    "cpe": "cpe:2.3:a:xuxueli:xxl-job:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "3.1.0"
        },
        {
            "last_affected": "3.1.0"
        },
        {
            "introduced": "3.1.1"
        },
        {
            "last_affected": "3.1.1"
        },
        {
            "introduced": "0"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Affected versions

3.*
3.1.0
3.1.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9264.json"