Cyber Posture

CVE-2025-7788

Severity: Medium · Public PoC

Published: 18 July 2025
Modified: 29 April 2026
KEV Added: not listed
CVSS Score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0078 (73.8th percentile)
Risk Priority: 13 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-7788 is a medium-severity Command Injection (CWE-77) vulnerability in Xuxueli Xxl-Job. Its CVSS v3.1 base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059). By EPSS it ranks in the top 26.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; and a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Command and Scripting Interpreter (T1059) and two other techniques (T1190, T1202).

Threat & Defense Details

Likely Mitigating Controls (AI-generated)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection. Caveat for this CVE: the JVM places no restriction on ProcessBuilder or Runtime.exec, and commandJobHandler exists precisely to spawn OS processes, so the managed runtime provides no containment here. What limits the blast radius is the account the executor runs under and any OS-level sandboxing around it (container, seccomp, AppArmor/SELinux).

Addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution. For a handler whose parameter is the command itself, stripping shell metacharacters is not sufficient (a parameter of sh -c id contains none); effective validation means an allowlist of permitted programs and argument shapes, with the executable and its fixed flags chosen in code rather than taken from the job parameter.

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1059 Command and Scripting Interpreter (Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1202 Indirect Command Execution (Stealth)
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
Why these techniques?

OS command injection in a remotely reachable xxl-job executor enables exploitation of public-facing applications (T1190), indirect command execution through the vulnerable job handler rather than a direct interactive shell (T1202), and adversary use of command and scripting interpreters once the handler spawns a process (T1059).

NVD Description

A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability is the function commandJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to os command injection. The attack can be launched remotely.…

The exploit has been disclosed to the public and may be used.

Deeper analysis (AI-generated)

CVE-2025-7788 is an OS command injection vulnerability in Xuxueli xxl-job versions up to 3.1.1; the NVD entry's description rates it critical, while its CVSS v3.1 base score is 6.3, Medium (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). The flaw is in the commandJobHandler function of src/main/java/com/xxl/job/executor/service/jobhandler/SampleXxlJob.java, a sample job handler shipped with the project whose job parameter is handed to the operating system as a command; manipulation of that parameter therefore yields arbitrary OS command execution on the executor host. Published on 2025-07-18, it maps to CWE-77 (Command Injection) and CWE-78 (OS Command Injection).

The vulnerability is exploitable remotely over the network by an authenticated attacker with low privileges (PR:L; in practice, an account able to configure or trigger jobs), with low attack complexity and no user interaction required. The vector scores each of confidentiality, integrity and availability as Low, but the commands run with the privileges of the executor process, so the practical blast radius is whatever that account can reach on the host and, from there, on the network.

Advisories detail the issue in the project's GitHub repository at https://github.com/xuxueli/xxl-job/issues/3750 and in VulDB entries at https://vuldb.com/?ctiid.316849, https://vuldb.com/?id.316849, and https://vuldb.com/?submit.615758. The exploit has been publicly disclosed and may be actively used.

Given the public exploit, affected deployments should upgrade to a release that removes or restricts the handler once one is available and, in the meantime, remove or disable the commandJobHandler sample handler (including any copy of it carried into custom executors) and confirm that the executor does not run as root. Because the handler's purpose is to run whatever parameter it is given, a deployment that keeps it should treat the ability to create or edit jobs in the admin console as equivalent to shell access on every executor.
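As an added illustration (this is example code, not xxl-job project code, and it does not reproduce the exact source of SampleXxlJob.java), the following standalone Java program models the weakness pattern described in the analysis above together with the input-validation control listed under Likely Mitigating Controls. runUntrusted stands in for a handler whose job parameter is the command; runAllowlisted shows the hardened shape, where the parameter selects a registered action, the executable and its flags are fixed in code, and the single caller-controlled argument is validated against an allowlist pattern before the process is started without a shell. All names, the action table and the sample parameters are assumptions made for this example; System.out.println stands in for the job-log call a real handler would use.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

// Added example, not xxl-job's code: models the commandJobHandler weakness and a hardened form.
public class CommandJobHandlerExample {

    /** Runs argv directly (no shell), streams combined stdout/stderr, returns the exit code. */
    static int exec(List<String> argv) throws IOException, InterruptedException {
        Process p = new ProcessBuilder(argv).redirectErrorStream(true).start();
        try (BufferedReader r = new BufferedReader(new InputStreamReader(p.getInputStream()))) {
            String line;
            while ((line = r.readLine()) != null) {
                System.out.println("  [job log] " + line); // stands in for the handler's log call
            }
        }
        return p.waitFor();
    }

    /** VULNERABLE pattern (illustrative, not the project's exact line): the job parameter
     *  entered in the admin console is the command. Any authenticated user who can set the
     *  parameter chooses the program, so "sh -c ..." or "curl ..." are valid inputs. */
    static int runUntrusted(String jobParam) throws IOException, InterruptedException {
        List<String> argv = List.of(jobParam.trim().split("\\s+"));
        return exec(argv);
    }

    /** HARDENED pattern: the parameter names a pre-registered action (hypothetical table);
     *  the binary and fixed flags come from code, and the only caller-controlled piece is an
     *  optional absolute path checked against a strict character allowlist. */
    private static final Map<String, List<String>> ACTIONS = Map.of(
        "disk-usage", List.of("df", "-h"),
        "list-dir",   List.of("ls", "-l"));
    private static final Pattern SAFE_PATH = Pattern.compile("^/[A-Za-z0-9_./-]{0,200}$");

    static int runAllowlisted(String jobParam) throws IOException, InterruptedException {
        String[] parts = jobParam.trim().split("\\s+", 2);
        List<String> base = ACTIONS.get(parts[0]);
        if (base == null) {
            throw new IllegalArgumentException("unregistered job action: " + parts[0]);
        }
        List<String> argv = new ArrayList<>(base);
        if (parts.length == 2) {
            String arg = parts[1];
            // Must be a plain absolute path: no whitespace, ';', '|', '`', '$', no traversal,
            // and a mandatory leading '/' so the value can never be parsed as a flag.
            if (!SAFE_PATH.matcher(arg).matches() || arg.contains("..")) {
                throw new IllegalArgumentException("rejected argument: " + arg);
            }
            argv.add(arg);
        }
        return exec(argv);
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs standing in for values a user could type as the job parameter.
        System.out.println("untrusted  'echo hello'  -> exit " + runUntrusted("echo hello"));
        System.out.println("allowlist  'disk-usage /' -> exit " + runAllowlisted("disk-usage /"));
        String[] hostile = {"sh -c id", "list-dir /tmp;id", "list-dir -la", "list-dir /tmp/../etc"};
        for (String bad : hostile) {
            try {
                runAllowlisted(bad);
            } catch (IllegalArgumentException e) {
                System.out.println("allowlist  rejected '" + bad + "': " + e.getMessage());
            }
        }
    }
}
```

Compile and run with javac CommandJobHandlerExample.java && java CommandJobHandlerExample on a Linux host that has df, ls and echo on PATH. The point of the hostile inputs: sh -c id contains no shell metacharacters at all, so a blocklist-style filter would pass it, while the allowlist rejects it because sh is not a registered action; the remaining three are rejected by the argument pattern (metacharacter, flag-shaped value, traversal).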

Details

CWE(s)

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected Products

xuxueli xxl-job, versions ≤ 3.1.1

CVEs Like This One

CVE-2025-7787 (same product: Xuxueli Xxl-Job)
CVE-2025-8818 (shared CWE-77, CWE-78)
CVE-2025-9580 (shared CWE-77, CWE-78)
CVE-2025-1676 (shared CWE-77, CWE-78)
CVE-2025-2701 (shared CWE-77, CWE-78)
CVE-2026-2184 (shared CWE-77, CWE-78)
CVE-2026-5973 (shared CWE-77, CWE-78)
CVE-2025-59740 (shared CWE-77, CWE-78)
CVE-2025-1610 (shared CWE-77, CWE-78)
CVE-2025-1536 (shared CWE-77, CWE-78)

References

https://github.com/xuxueli/xxl-job/issues/3750
https://vuldb.com/?ctiid.316849
https://vuldb.com/?id.316849
https://vuldb.com/?submit.615758