CNNVD-202512-2197 Information

CNNVD ID

CNNVD-202512-2197

Related CVE

CVE-2025-14518

• CNNVD Published: 2025-12-11

Description (Chinese)

PowerJob是PowerJob开源的一个开源分布式计算和作业调度框架，它允许开发人员在自己的应用程序中轻松调度任务。 PowerJob 5.1.2及之前版本存在安全漏洞，该漏洞源于组件Network Request Handler的文件src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java中函数checkConnectivity对参数targetIp/targetPort的错误操作，可能导致服务端请求伪造。

Description (English)

PowerJob is an open-source distributed computing and operating scheduling framework for PowerJob open source that allows developers to easily schedule tasks in their own applications. The security loophole in PowerJob 5.1.2 and previous versions is derived from document src/main/java/tech/powerjob/common/tils/net/PingPongUtils.java ’ s misperformation of the service-level request against the parameter targetIp/targetPort.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

PowerJob

Published

2025-12-11

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.335856 https://vuldb.com/?submit.702896 https://github.com/PowerJob/PowerJob/issues/1144 https://vuldb.com/?id.335856 https://github.com/PowerJob/PowerJob/issues/1144#issue-3673393002 https://access.redhat.com/security/cve/cve-2025-14518