PT-2025-47086 · Weiye Jing · Datax-Web
Sh7Err · Published 2025-11-16 · Updated 2025-11-20 · CVE-2025-13250
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
WeiYe-Jing datax-web versions up to 2.1.2
Description
A flaw exists in the Job Handler component of WeiYe-Jing datax-web, specifically within the remove, update, pause, start, and triggerJob functions. This issue results in improper access controls, potentially allowing for remote exploitation. The exploit is publicly available.
Recommendations
Versions prior to 2.1.2 should be updated. As a temporary workaround, consider disabling the remove, update, pause, start, and triggerJob functions until a patch is available.
Exploit
Fix
Improper Access Control
Incorrect Privilege Assignment
Related Identifiers
Affected Products
Datax-Web