CVE-2025-12305

A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack can be executed remotely. The exploit has been made public and could be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
6.3 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
quequnlongshiyi-blog
𝑥
≤ 1.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/dongodid/cve-sub/blob/main/shiyi-blog/RCE.md
https://vuldb.com/?ctiid.329977
https://vuldb.com/?id.329977
https://vuldb.com/?submit.676725
https://vuldb.com/?submit.676730