CVE-2025-2622

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://gitee.com/aizuda/snail-job/issues/IBSQ24", "name": "https://gitee.com/aizuda/snail-job/issues/IBSQ24", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "refsource": ""}, {"url": "https://gitee.com/aizuda/snail-job/issues/IBSQ24", "name": "https://gitee.com/aizuda/snail-job/issues/IBSQ24", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "refsource": ""}, {"url": "https://gitee.com/aizuda/snail-job/issues/IBSQ24#note_38500450_link", "name": "https://gitee.com/aizuda/snail-job/issues/IBSQ24#note_38500450_link", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.300624", "name": "VDB-300624 | CTI Indicators (IOB, IOC, IOA)", "tags": ["Permissions Required", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?id.300624", "name": "VDB-300624 | aizuda snail-job Workflow-Task Management Module check-node-expression getRuntime deserialization", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?submit.518999", "name": "Submit #518999 | gitee/github snail-job 1.4.0 Command Injection", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Workflow-Task Management Module. The manipulation of the argument nodeExpression leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-2622", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}}, "publishedDate": "2025-03-22T17:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:aizuda:snail-job:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-03-26T18:38Z"}