Vulnerabilities > CVE-2025-2622 - Unspecified vulnerability in Aizuda Snail-Job 1.4.0

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

aizuda

NVD

Published: 2025-03-22

Updated: 2025-03-26

Summary

A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Workflow-Task Management Module. The manipulation of the argument nodeExpression leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Vulnerable Configurations

Part	Description	Count
Application	Aizuda Aizuda Snail JOB 1.4.0	1

References

https://gitee.com/aizuda/snail-job/issues/IBSQ24
https://gitee.com/aizuda/snail-job/issues/IBSQ24
https://gitee.com/aizuda/snail-job/issues/IBSQ24#note_38500450_link
https://vuldb.com/?ctiid.300624
https://vuldb.com/?id.300624
https://vuldb.com/?submit.518999