CVE-2025-14518

Name of the Vulnerable Software and Affected Versions PowerJob versions prior to 5.1.3

Description A server-side request forgery condition exists in PowerJob. The issue is located within the Network Request Handler component, specifically in the checkConnectivity() function of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java. Manipulation of the targetIp and targetPort arguments can lead to server-side request forgery. Remote exploitation is possible, and a public exploit is available.

Recommendations Update PowerJob to version 5.1.3 or later. As a temporary workaround, consider restricting access to the checkConnectivity() function until a patch is available.