CVE-2025-2622

medium

Description

A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Workflow-Task Management Module. The manipulation of the argument nodeExpression leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

References

https://vuldb.com/?submit.518999

https://vuldb.com/?id.300624

https://vuldb.com/?ctiid.300624

https://gitee.com/aizuda/snail-job/issues/IBSQ24#note_38500450_link

https://gitee.com/aizuda/snail-job/issues/IBSQ24

Details

Source: Mitre, NVD

Published: 2025-03-22

Updated: 2025-03-26

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium