{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-2622","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-03-21T20:31:30.845Z","datePublished":"2025-03-22T17:00:17.206Z","dateUpdated":"2025-03-24T19:19:27.968Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-03-22T17:00:17.206Z"},"title":"aizuda snail-job Workflow-Task Management Module check-node-expression getRuntime deserialization","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-502","lang":"en","description":"Deserialization"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-20","lang":"en","description":"Improper Input Validation"}]}],"affected":[{"vendor":"aizuda","product":"snail-job","versions":[{"version":"1.4.0","status":"affected"}],"modules":["Workflow-Task Management Module"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Workflow-Task Management Module. The manipulation of the argument nodeExpression leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"Es wurde eine kritische Schwachstelle in aizuda snail-job 1.4.0 ausgemacht. Betroffen hiervon ist die Funktion getRuntime der Datei /snail-job/workflow/check-node-expression der Komponente Workflow-Task Management Module. Mittels dem Manipulieren des Arguments nodeExpression mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2025-03-21T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-03-21T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-03-21T21:36:33.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"startr4ck (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.300624","name":"VDB-300624 | aizuda snail-job Workflow-Task Management Module check-node-expression getRuntime deserialization","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.300624","name":"VDB-300624 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.518999","name":"Submit #518999 | gitee/github snail-job 1.4.0 Command Injection","tags":["third-party-advisory"]},{"url":"https://gitee.com/aizuda/snail-job/issues/IBSQ24","tags":["exploit","issue-tracking"]},{"url":"https://gitee.com/aizuda/snail-job/issues/IBSQ24#note_38500450_link","tags":["issue-tracking"]}]},"adp":[{"references":[{"url":"https://gitee.com/aizuda/snail-job/issues/IBSQ24","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-24T19:18:54.227297Z","id":"CVE-2025-2622","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-24T19:19:27.968Z"}}]}}