CVE-2025-2622

aizuda snail-job Workflow-Task Management Module check-node-expression getRuntime deserialization

CVSS 5.3 MEDIUMEPSS 0.7%CWE-20 CWE-502

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.3EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

22 Mar 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Workflow-Task Management Module. The manipulation of the argument nodeExpression leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected products

aizuda · snail-job

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gitee.com/aizuda/snail-job/issues/IBSQ24 https://gitee.com/aizuda/snail-job/issues/IBSQ24#note_38500450_link https://vuldb.com/?ctiid.300624 https://vuldb.com/?id.300624 https://vuldb.com/?submit.518999