{"id":"CVE-2025-7788","details":"A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability is the function commandJobHandler of the file src\\main\\java\\com\\xxl\\job\\executor\\service\\jobhandler\\SampleXxlJob.java. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.","modified":"2026-04-10T05:37:03.821978Z","published":"2025-07-18T15:15:31.967Z","references":[{"type":"ADVISORY","url":"https://vuldb.com/?id.316849"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.615758"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.316849"},{"type":"REPORT","url":"https://github.com/xuxueli/xxl-job/issues/3750"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/xuxueli/xxl-job","events":[{"introduced":"0"},{"last_affected":"cdb54254d0dc8cb3219102c095419c8b225c9e8a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.1.1"}]}}],"versions":["1.0.0.0","2.0.2","2.1.0","2.1.1","2.1.2","2.3.0","2.3.1","2.4.0","2.4.1","2.4.2","2.5.0","3.0.0","3.1.0","3.1.1","v1.3.0","v1.3.1","v1.3.2","v1.4.0","v1.5.0","v1.5.1","v1.5.2","v1.6.0","v1.6.1","v1.6.2","v1.7.0","v1.7.1","v1.7.2","v1.8.0","v1.8.1","v1.8.2","v1.9.0","v1.9.1","v2.0.0","v2.0.1","v2.2.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7788.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}