CVE-2025-11581

MEDIUM5.3EPSS 0.04%

PowerJob OpenAPIController is missing authorization

Published: 10/10/2025Modified: 10/27/2025

Description

A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

Affected packages (1)

Maven/tech.powerjob:powerjob-server-starterfrom 0, <= 5.1.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References (6)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-11581
PATCHhttps://github.com/PowerJob/PowerJob
WEBhttps://github.com/PowerJob/PowerJob/issues/1128
WEBhttps://vuldb.com/?ctiid.327903
WEBhttps://vuldb.com/?id.327903
WEBhttps://vuldb.com/?submit.662558