CVE-2025-9264 | Xuxueli xxl-job up to 3.1.1 Jobs JobInfoController.java remove ID resource injection (Issue 3773)

Inserito da Angelo Barbosa | Ago 20, 2025 | CVE

A vulnerability identified as problematic has been detected in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource identifiers.

This vulnerability is known as CVE-2025-9264. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

CVE-2025-9264 | Xuxueli xxl-job up to 3.1.1 Jobs JobInfoController.java remove ID resource injection (Issue 3773)

Post correlati

CVE-2025-24876 | SAP Approuter Node.js Package up to 16.7.1 redirect

CVE-2024-0649 | ZhiHuiYun up to 4.4.13 Search ImageController.php download_network_image url server-side request forgery

CVE-2024-22125 | SAP GUI Connector for Microsoft Edge 1.0 unknown vulnerability

CVE-2024-37228 | InstaWP Connect Plugin up to 0.1.0.38 on WordPress code injection