CVE Daily

CVE-2025-7787

A vulnerability, which was classified as critical, was found in Xuxueli xxl-job ...

Medium CVSS 6.3

Overview

A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CWE: CWE-918 Published: 2025-07-18T15:15:31.767
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.3 (MEDIUM)
  • Detected tags: ssrf (tag impact: MODERATE)

Recommended actions:

  • Deny access to internal/metadata addresses; use outbound allowlists.

Recommended tools

Tags