CVE-2025-15246

Summary

A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

Affected Software

VendorProductVersion RangeStatus
aizudasnail-job1.0affected
aizudasnail-job1.1affected
aizudasnail-job1.2affected
aizudasnail-job1.3affected
aizudasnail-job1.4affected
aizudasnail-job1.5affected
aizudasnail-job1.6affected
aizudasnail-job1.7.0affected

Weaknesses

  • CWE-502: Deserialization
  • CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References