CVE-2025-14674
aizuda snail-job QLExpressEngine.java QLExpressEngine.doEval injection
| CVSS Score | 6.3 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in injection. The attack can be launched remotely. Upgrading to version 1.7.0-beta1 addresses this issue. The patch is identified as 978f316c38b3d68bb74d2489b5e5f721f6675e86. The affected component should be upgraded.
| CWE | CWE-74 CWE-707 |
| Vendor | aizuda |
| Product | snail-job |
| Published | Dec 14, 2025 |
| Last Updated | Feb 24, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity | Low |
| Availability | Low |
Affected Versions
aizuda / snail-job
1.0 1.1 1.2 1.3 1.4 1.5 1.6.0
References
vuldb.com: https://vuldb.com/?id.336403
vuldb.com: https://vuldb.com/?ctiid.336403
gitee.com: https://gitee.com/aizuda/snail-job/issues/ICNUG0
gitee.com: https://gitee.com/aizuda/snail-job/issues/ICNUG0#note_44321424_link
gitee.com: https://gitee.com/aizuda/snail-job/commit/978f316c38b3d68bb74d2489b5e5f721f6675e86
gitee.com: https://gitee.com/aizuda/snail-job/releases/tag/vsj1.7.0-beta1
gitee.com: https://gitee.com/aizuda/snail-job/
Credits
VulDB Gitee Analyzer