CVE-2025-14518

EUVD-2025-202699
A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
6.3 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
powerjobpowerjob
𝑥
≤ 5.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/PowerJob/PowerJob/issues/1144
https://github.com/PowerJob/PowerJob/issues/1144#issue-3673393002
https://vuldb.com/?ctiid.335856
https://vuldb.com/?id.335856
https://vuldb.com/?submit.702896
https://github.com/PowerJob/PowerJob/issues/1144
https://github.com/PowerJob/PowerJob/issues/1144#issue-3673393002