CVE-2025-9264

medium

Published 2025-08-21 · Modified 2026-05-07

CVSS v3

5.4

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CVSS v2

5.5

VIR risk

5.4

Description

xxl-job Jobs Handler remove function allows improper control of resource identifiers via ID parameter

Exploit likelihood

64%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: cna@vuldb.com — https://github.com/xuxueli/xxl-job/issues/3773#issue-3308389841

vendor Authored 2026-05-27

Vendor advisory: cna@vuldb.com — https://github.com/xuxueli/xxl-job/issues/3773

Ecosystem	Package	Vulnerable	Fixed
Maven	com.xuxueli:xxl-job-admin	`<3.2.0`	`3.2.0`
MAVEN	com.xuxueli:xxl-job-admin	`<= 3.1.1`	`3.2.0`

Vendor	Product	Versions	Fixed
xuxueli	xxl-job	`{"endIncluding":"3.1.1"}`

CWE-99 CWE-639

Verify integrity in audit chain (admin only). AS-IS.