CVE-2025-9264

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-9264

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9264.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-9264

Aliases

GHSA-gjx6-h8hm-c9rq

Published

2025-08-21T00:15:29.500Z

Modified

2026-05-07T05:41:24.942740035Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVSS Calculator

Summary

[none]

Details

A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource identifiers. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

References

Affected packages

Git / github.com/xuxueli/xxl-job

Affected ranges

Type

GIT

Repo

https://github.com/xuxueli/xxl-job

Events

Introduced

Last affected

cdb54254d0dc8cb3219102c095419c8b225c9e8a

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.1.1"
        }
    ]
}

Affected versions

1.*

1.0.0.0

2.*

2.0.2

2.1.0

2.1.1

2.1.2

2.3.0

2.3.1

2.4.0

2.4.1

2.4.2

2.5.0

3.*

3.0.0

3.1.0

3.1.1

v1.*

v1.3.0

v1.3.1

v1.3.2

v1.4.0

v1.5.0

v1.5.1

v1.5.2

v1.6.0

v1.6.1

v1.6.2

v1.7.0

v1.7.1

v1.7.2

v1.8.0

v1.8.1

v1.8.2

v1.9.0

v1.9.1

v2.*

v2.0.0

v2.0.1

v2.2.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9264.json"