CVE-2025-2622

A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Workflow-Task Management Module. The manipulation of the argument nodeExpression leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
6.3 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
aizudasnail-job
1.4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gitee.com/aizuda/snail-job/issues/IBSQ24
https://gitee.com/aizuda/snail-job/issues/IBSQ24#note_38500450_link
https://vuldb.com/?ctiid.300624
https://vuldb.com/?id.300624
https://vuldb.com/?submit.518999
https://gitee.com/aizuda/snail-job/issues/IBSQ24