CVE-2025-2622 — MEDIUM (6.3)

Vulnerability Description

A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Workflow-Task Management Module. The manipulation of the argument nodeExpression leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS Score

6.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Aizuda	Snail-Job	1.4.0

Related Weaknesses (CWE)

CWE-20 CWE-502

References

https://gitee.com/aizuda/snail-job/issues/IBSQ24ExploitIssue TrackingThird Party Advisory
https://gitee.com/aizuda/snail-job/issues/IBSQ24#note_38500450_linkExploitIssue TrackingThird Party Advisory
https://vuldb.com/?ctiid.300624Permissions RequiredVDB Entry
https://vuldb.com/?id.300624Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.518999ExploitThird Party AdvisoryVDB Entry
https://gitee.com/aizuda/snail-job/issues/IBSQ24ExploitIssue TrackingThird Party Advisory

FAQ

What is CVE-2025-2622?

CVE-2025-2622 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Work...

How severe is CVE-2025-2622?

CVE-2025-2622 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-2622?

Check the references section above for vendor advisories and patch information. Affected products include: Aizuda Snail-Job.