CVE-2025-7788
Published: 18 July 2025
Summary
CVE-2025-7788 is a low-severity Command Injection (CWE-77) vulnerability in Xuxueli Xxl-Job. Its CVSS base score is 2.1 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059). The CVE ranks in the top 12.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).
Deeper analysis
A vulnerability has been identified in Xuxueli xxl-job versions up to 3.1.1, specifically in the commandJobHandler function within SampleXxlJob.java. The issue stems from improper handling of input that permits OS command injection, tracked under CWE-77 and CWE-78. It received a CVSS 4.0 score of 2.1 reflecting the need for authenticated access, yet was described as critical due to the remote attack surface.
An authenticated remote attacker can supply crafted input to the affected job handler and execute arbitrary operating system commands on the server hosting the executor. Successful exploitation grants limited control over confidentiality, integrity, and availability within the job execution context, with a publicly disclosed proof-of-concept already available.
The EPSS score has remained flat at 0.0356 with no observed increase since disclosure. The referenced GitHub issue and Vuldb entries confirm public availability of exploit details but provide no additional information on patches or configuration workarounds.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21884
Vulnerability details
A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability is the function commandJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to os command injection. The attack can be launched remotely.…
The exploit has been disclosed to the public and may be used.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
OS command injection in remotely accessible xxl-job executor enables exploitation of public-facing applications (T1190), indirect command execution via the vulnerable handler (T1202), and adversary use of command and scripting interpreters (T1059).
Mitigating Controls (NIST 800-53 r5)
Directly requires validation and sanitization of untrusted input to the commandJobHandler, blocking the OS command injection vector at its source.
Mandates timely application of patches or updates to remediate the publicly disclosed flaw in SampleXxlJob.java before exploitation occurs.
Requires disabling or removing non-essential functionality such as the vulnerable commandJobHandler when it cannot be securely used.
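As an added illustration of the input-validation and least-functionality controls above, the following is a hypothetical hardened command job handler; it is example code written for this page, not xxl-job's own handler (whose source the page does not reproduce), and the job names, argv lists and timeout are assumptions. The job parameter is treated as an allowlisted job name and never reaches a shell.

```java
import java.io.IOException;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;

// Hypothetical hardened handler (added example; not xxl-job code).
// The job parameter selects a fixed, pre-approved argv; it is never shell text.
public class SafeCommandJobHandler {

    // Allowlist: job name -> fixed argv. No part of the parameter is copied into argv.
    private static final Map<String, List<String>> ALLOWED_JOBS = Map.of(
        "disk-usage",  List.of("df", "-h"),
        "rotate-logs", List.of("/usr/local/bin/rotate-logs.sh")   // assumed path
    );

    // Runs the allowlisted job and returns its exit code; rejects anything else.
    public static int run(String jobParam) throws IOException, InterruptedException {
        // Structural check first (SI-10): short, lowercase name characters only.
        if (jobParam == null || !jobParam.matches("[a-z0-9-]{1,32}")) {
            throw new IllegalArgumentException("job parameter has unexpected form");
        }
        List<String> argv = ALLOWED_JOBS.get(jobParam);
        if (argv == null) {
            throw new IllegalArgumentException("job not in allowlist: " + jobParam);
        }
        // ProcessBuilder with an argv list: no "sh -c", so shell metacharacters
        // could not be interpreted even if the regex above were loosened.
        Process p = new ProcessBuilder(argv).redirectErrorStream(true).start();
        // Drain output before waiting so a chatty job cannot block on a full pipe.
        String output = new String(p.getInputStream().readAllBytes());
        if (!p.waitFor(60, TimeUnit.SECONDS)) {
            p.destroyForcibly();
            throw new IOException("job timed out: " + jobParam);
        }
        System.out.print(output);
        return p.exitValue();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("exit=" + run("disk-usage"));
        try {
            run("disk-usage; echo x");   // metacharacters: rejected by the regex
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Removing the handler entirely where no job needs it is the CM-7 option; where it must stay, the allowlist keeps the executor from ever interpreting operator-supplied text as a command.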