CVE-2025-9263

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-9263

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-9263.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-9263

Published

2025-08-20T23:15:30.500Z

Modified

2025-11-17T02:40:08.210049Z

Severity

2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByGroup of the file /src/main/java/com/xxl/job/admin/controller/JobLogController.java. Such manipulation of the argument jobGroup leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

References

Affected packages

Git / github.com/xuxueli/xxl-job

Affected ranges

Type: GIT
Repo: https://github.com/xuxueli/xxl-job
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

cdb54254d0dc8cb3219102c095419c8b225c9e8a

Affected versions

1.*

1.0.0.0

2.*

2.0.2

2.1.0

2.1.1

2.1.2

2.3.0

2.3.1

2.4.0

2.4.1

2.4.2

2.5.0

3.*

3.0.0

3.1.0

3.1.1

v1.*

v1.2.0

v1.3.0

v1.3.1

v1.3.2

v1.4.0

v1.5.0

v1.5.1

v1.5.2

v1.6.0

v1.6.1

v1.6.2

v1.7.0

v1.7.1

v1.7.2

v1.8.0

v1.8.1

v1.8.2

v1.9.0

v1.9.1

v1.9.2

v2.*

v2.0.0

v2.0.1

v2.2.0