Vulnerability Description
A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack can be executed remotely. The exploit has been made public and could be used.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Quequnlong | Shiyi-Blog | <= 1.2.1 |
Related Weaknesses (CWE)
References
- https://github.com/dongodid/cve-sub/blob/main/shiyi-blog/RCE.mdExploitThird Party Advisory
- https://vuldb.com/?ctiid.329977Permissions RequiredVDB Entry
- https://vuldb.com/?id.329977Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.676725Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.676730Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-12305?
CVE-2025-12305 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The...
How severe is CVE-2025-12305?
CVE-2025-12305 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-12305?
Check the references section above for vendor advisories and patch information. Affected products include: Quequnlong Shiyi-Blog.