CNNVD-202511-1818 Information

CNNVD ID

CNNVD-202511-1818

Related CVE

CVE-2025-13250

• CNNVD Published: 2025-11-16

Description (Chinese)

DataX-Web是WeiYe个人开发者的一个在 DataX 之上开发的分布式数据同步工具。 DataX-Web 2.1.2及之前版本存在访问控制错误漏洞，该漏洞源于组件Job Handler中函数remove/update/pause/start/triggerJob的错误操作，可能导致访问控制不当。

Description (English)

DataX-Web is a distributed data synchronization tool developed by the WeiYe personal developer on DataX. DataX-Web 2.1.2 and previous versions have access control bugs that stem from the error of the function remove/update/pause/start/triggerJob in component Job Handler, which may lead to inappropriate access controls.

Hazard Level

High

Vulnerability Type

访问控制错误

Affected Vendor

个人开发者

Published

2025-11-16

Last Modified

2026-02-24

References

https://github.com/Xzzz111/exps/blob/main/archives/datax-web-broken-access-control-1/report.md https://vuldb.com/?ctiid.332584 https://vuldb.com/?id.332584 https://vuldb.com/?submit.687604 https://access.redhat.com/security/cve/cve-2025-13250