CVE-2025-14674

Summary

A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in injection. The attack can be launched remotely. Upgrading to version 1.7.0-beta1 addresses this issue. The patch is identified as 978f316c38b3d68bb74d2489b5e5f721f6675e86. The affected component should be upgraded.

Affected Software

VendorProductVersion RangeStatus
aizudasnail-job1.0affected
aizudasnail-job1.1affected
aizudasnail-job1.2affected
aizudasnail-job1.3affected
aizudasnail-job1.4affected
aizudasnail-job1.5affected
aizudasnail-job1.6.0affected
aizudasnail-job1.7.0-beta1unaffected

Weaknesses

  • CWE-74: Injection
  • CWE-707: Improper Neutralization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References