{"id":"CVE-2025-7787","details":"A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file src\\main\\java\\com\\xxl\\job\\executor\\service\\jobhandler\\SampleXxlJob.java. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.","aliases":["GHSA-f8vw-8vgh-22r9"],"modified":"2026-04-10T05:37:03.799818Z","published":"2025-07-18T15:15:31.767Z","references":[{"type":"ADVISORY","url":"https://vuldb.com/?id.316848"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.615741"},{"type":"REPORT","url":"https://github.com/xuxueli/xxl-job/issues/3749"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.316848"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/xuxueli/xxl-job","events":[{"introduced":"0"},{"last_affected":"cdb54254d0dc8cb3219102c095419c8b225c9e8a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.1.1"}]}}],"versions":["1.0.0.0","2.0.2","2.1.0","2.1.1","2.1.2","2.3.0","2.3.1","2.4.0","2.4.1","2.4.2","2.5.0","3.0.0","3.1.0","3.1.1","v1.3.0","v1.3.1","v1.3.2","v1.4.0","v1.5.0","v1.5.1","v1.5.2","v1.6.0","v1.6.1","v1.6.2","v1.7.0","v1.7.1","v1.7.2","v1.8.0","v1.8.1","v1.8.2","v1.9.0","v1.9.1","v2.0.0","v2.0.1","v2.2.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7787.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}