PT-2025-34169 · Xxl-Job · Xxl-Job
Ez-Lbz · Published 2025-08-20 · Updated 2025-08-21 · CVE-2025-9264
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
Xuxueli xxl-job versions up to 3.1.1
Description:
A vulnerability exists in Xuxueli xxl-job. The issue affects the remove function within the /src/main/java/com/xxl/job/admin/controller/JobInfoController.java file of the Jobs Handler component. Manipulation of the ID argument leads to improper control of resource identifiers, potentially allowing for remote exploitation. The exploit for this issue has been publicly released.
Recommendations:
Versions prior to 3.1.1 are affected.
Exploit
Fix
RCE
IDOR
Related Identifiers
Affected Products
Xxl-Job