SecuriTricks - CVE-2025-7789

Description

A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insufficient computational effort. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Product(s) Impacted

Vendor	Product	Versions
Xuxueli	Xxl-job	<3.1.1

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-326

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	xuxueli	xxl-job	<3.1.1	/	/	/	/	/	/	/

References

https://github.com/xuxueli/xxl-job/issues/3751

https://vuldb.com/?ctiid.316850

https://vuldb.com/?id.316850

https://vuldb.com/?submit.615760

CVSS Score

6.3 / 10

CVSS Data - 4.0

Attack Vector: NETWORK
Attack Complexity: HIGH
Attack Requirements: NONE
Privileges Required: NONE
User Interaction: NONE
Scope:
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
Exploit Maturity: PROOF_OF_CONCEPT

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: July 18, 2025, 4:15 p.m.
Last Modified: July 18, 2025, 4:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cna@vuldb.com

CVE-2025-7789