CVE-2025-15246

MEDIUM 6.3

aizuda snail-job API FurySerializer.deserialize deserialization

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

CWE	CWE-502 CWE-20
Vendor	aizuda
Product	snail-job
Published	Dec 30, 2025
Last Updated	Feb 24, 2026

Stay Ahead of the Next One

Get instant alerts for aizuda snail-job

Be the first to know when new medium vulnerabilities affecting aizuda snail-job are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

aizuda / snail-job

1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.338636 vuldb.com: https://vuldb.com/?ctiid.338636 gitee.com: https://gitee.com/aizuda/snail-job/issues/ICQV61 gitee.com: https://gitee.com/aizuda/snail-job/

Credits

VulDB Gitee Analyzer