An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1mOHZ3LTh2Z2gtMjJyOc4ABKRv

Severity: Low (CVSS 2.1). EPSS: 0.00038% (0.10083 percentile)

XXL-JOB is vulnerable to SSRF attacks

Affected Package                  Affected Versions   Fixed Versions
maven:com.xuxueli:xxl-job-core    <= 3.1.1            No known fixed version
120 Dependent packages
1,394 Dependent repositories

Affected Version Ranges

All affected versions

1.4.1, 1.4.2, 1.5.0, 1.5.1, 1.5.2, 1.6.0, 1.6.1, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.8.0, 1.8.1, 1.8.2, 1.9.0, 1.9.1, 1.9.2, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.4.2, 2.5.0, 3.0.0, 3.1.0, 3.1.1

A vulnerability classified as critical was found in Xuxueli xxl-job up to version 3.1.1. The affected code is the function httpJobHandler in the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. Manipulation of its input leads to server-side request forgery (SSRF). The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

References: