PT-2025-30048 · Xxl-Job · Xxl-Job

Zast.Ai · Published 2025-07-18 · Updated 2025-07-18 · CVE-2025-7789

CVSS v3.1: 3.7 (Low)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

xxl-job versions up to 3.1.1

Description

A flaw exists within the makeToken function located in src/main/java/com/xxl/job/admin/controller/IndexController.java of the Token Generation component. This issue involves password hashing with insufficient computational effort, potentially allowing for unauthorized access. The attack can be initiated remotely, but is considered difficult to exploit. The exploit details have been publicly disclosed.

Recommendations

Update to a version beyond 3.1.1.

Exploit

Fix

Inadequate Encryption Strength

Weakness Enumeration

Related Identifiers

CVE-2025-7789
GHSA-565H-44M8-4C2V

Affected Products

Xxl-Job