CVE-2025-7787
Published: 18 July 2025
Summary
CVE-2025-7787 is a medium-severity SSRF (CWE-918) vulnerability in Xuxueli Xxl-Job. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Service Discovery (T1046). The CVE ranks at the 33.1st percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Threat & Defense Details
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Penetration testing attempts server-side requests to internal resources, identifying SSRF weaknesses for remediation.
- Outbound connections to external resources can be monitored and limited at the boundary, reducing SSRF impact.
- Validation of server-side URLs and resource references blocks SSRF attempts.
- Monitoring of unexpected outbound connections detects server-side request forgery.
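The URL-validation control listed above, as an added example that is not xxl-job's own code: an allowlist policy a job handler could apply to a caller-supplied URL before issuing the outbound request. The class name, the allowed-host set and the calling handler are assumptions for illustration.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.Set;

/** Added example (assumed name, not from xxl-job): outbound URL policy for a job handler. */
public final class OutboundUrlPolicy {

    private final Set<String> allowedHosts; // lower-case host names the job is permitted to call

    public OutboundUrlPolicy(Set<String> allowedHosts) {
        this.allowedHosts = allowedHosts;
    }

    /** True only if the URL is http(s), the host is allowlisted, and every resolved address is non-internal. */
    public boolean isAllowed(String rawUrl) {
        URI uri;
        try {
            uri = new URI(rawUrl);
        } catch (URISyntaxException e) {
            return false; // unparseable input is rejected, never "best-effort" fetched
        }
        String scheme = uri.getScheme();
        if (scheme == null || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
            return false; // blocks file:, gopher:, jar: and other schemes an HTTP client might accept
        }
        String host = uri.getHost(); // parsed host only; user-info such as "user@" is not part of it
        if (host == null || !allowedHosts.contains(host.toLowerCase())) {
            return false;
        }
        try {
            // Check every address the name resolves to, not just the first one.
            for (InetAddress addr : InetAddress.getAllByName(host)) {
                if (addr.isLoopbackAddress() || addr.isSiteLocalAddress()
                        || addr.isLinkLocalAddress() || addr.isAnyLocalAddress()) {
                    return false; // loopback, RFC 1918, 169.254/16 (incl. cloud metadata), 0.0.0.0
                }
            }
        } catch (UnknownHostException e) {
            return false;
        }
        return true;
    }

    public static void main(String[] args) {
        OutboundUrlPolicy policy = new OutboundUrlPolicy(Set.of("api.example.com")); // assumed allowlist
        System.out.println(policy.isAllowed("https://api.example.com/health")); // allowed (if it resolves publicly)
        System.out.println(policy.isAllowed("http://127.0.0.1:8080/actuator"));   // false: host not allowlisted
    }
}
```

The JDK helpers used here do not flag CGNAT (100.64/10) or IPv6 ULA (fc00::/7) ranges, and a name checked here can be re-resolved by the HTTP client later (DNS rebinding), so the connection should be made to the address that passed the check.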
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
This SSRF vulnerability enables exploitation of a public-facing application (T1190), network service discovery on internal hosts via forged requests (T1046), and exploitation of vulnerable internal remote services (T1210).
NVD Description
A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Deeper analysis (AI)
CVE-2025-7787 is a critical server-side request forgery (SSRF) vulnerability, classified under CWE-918, affecting Xuxueli xxl-job versions up to 3.1.1. The issue resides in the httpJobHandler function within the file src/main/java/com/xxl/job/executor/service/jobhandler/SampleXxlJob.java. It enables remote manipulation leading to SSRF, with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). The vulnerability was published on 2025-07-18.
An attacker with low privileges (PR:L), such as an authenticated user, can exploit this remotely over the network with low complexity and no user interaction required. Successful exploitation allows limited impacts on confidentiality, integrity, and availability through SSRF, potentially enabling unauthorized requests to internal resources. The exploit has been publicly disclosed and may be used by attackers.
Advisories and details are available in GitHub issue #3749 on the xuxueli/xxl-job repository and VulDB entries (ctiid.316848, id.316848, submit.615741), where the vulnerability was reported and analyzed. Practitioners should review these sources for any patches, workarounds, or upgrade guidance, as no specific mitigation details are outlined in the core CVE data.
Details
- CWE(s)