CVE-2025-12305

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions quequnlong shiyi-blog versions up to 1.2.1

Description A flaw exists in the Job Handler component of quequnlong shiyi-blog. The issue involves deserialization within an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java. This can be exploited remotely. The exploit is publicly available.

Recommendations Versions prior to 1.2.1 should be updated. As a temporary workaround, consider restricting access to the SysJobController.java file to minimize the risk of exploitation.

Exploit

Fix

Deserialization of Untrusted Data

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502CWE-20

Related Identifiers

CVE-2025-12305

Affected Products

Shiyi-Blog

CVE-2025-12305

Weakness Enumeration

Related Identifiers

Affected Products

References · 8