CVE-2025-7787
Published: 18 July 2025
Summary
CVE-2025-7787 is a low-severity SSRF (CWE-918) vulnerability in Xuxueli Xxl-Job. Its CVSS base score is 2.1 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Service Discovery (T1046). The CVE ranks in the top 39.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a referenced public proof-of-concept.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-7787 is a critical server-side request forgery (SSRF) vulnerability, classified under CWE-918, affecting Xuxueli xxl-job versions up to 3.1.1. The issue resides in the httpJobHandler function within the file src/main/java/com/xxl/job/executor/service/jobhandler/SampleXxlJob.java. It enables remote manipulation leading to SSRF, with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). The vulnerability was published on 2025-07-18.
An attacker with low privileges (PR:L), such as an authenticated user, can exploit this remotely over the network with low complexity and no user interaction required. Successful exploitation allows limited impacts on confidentiality, integrity, and availability through SSRF, potentially enabling unauthorized requests to internal resources. The exploit has been publicly disclosed and may be used by attackers.
Advisories and details are available in GitHub issue #3749 on the xuxueli/xxl-job repository and VulDB entries (ctiid.316848, id.316848, submit.615741), where the vulnerability was reported and analyzed. Practitioners should review these sources for any patches, workarounds, or upgrade guidance, as no specific mitigation details are outlined in the core CVE data.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21877
Vulnerability details
A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The SSRF vulnerability enables exploitation of a public-facing application (T1190), network service discovery on internal hosts via forged requests (T1046), and exploitation of vulnerable internal remote services (T1210).
Mitigating Controls (NIST 800-53 r5)
- AC-4 (Information Flow Enforcement): Enforces information flow policies that directly block the unauthorized server-initiated requests to internal resources enabled by the SSRF flaw in httpJobHandler.
- SI-10 (Information Input Validation): Requires validation of all inputs to httpJobHandler so that attacker-supplied URLs cannot be used to trigger server-side requests.
- Implements boundary controls that can restrict or monitor the outbound network connections abused by the SSRF exploit.