CVE-2025-7787
BaseFortify
Publication date: 2025-07-18
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xuxueli | xxl-job | up to and including 3.1.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7787 is a Server-Side Request Forgery (SSRF) vulnerability in the xxl-job open-source job scheduler maintained by Xuxueli, affecting versions up to and including 3.1.1. The flaw is in the httpJobHandler job handler: the URL it requests is taken from the job parameters, so it is fully attacker-controlled, and the handler neither validates the target nor restricts it to an allow-list. An attacker who can submit or trigger such a job can make the executor host send crafted HTTP requests to arbitrary internal or external destinations, reaching services that are not exposed to the attacker directly. [1, 2, 3]
How can this vulnerability impact me?
An attacker can use the vulnerable executor as a proxy to send unauthorised HTTP requests to internal or otherwise protected services, for example admin interfaces, internal APIs, or cloud instance-metadata endpoints reachable only from the executor's network position. Depending on what those services return and accept, this leads to disclosure of internal data and credentials, unintended state changes on internal systems, and a foothold for further lateral movement. The CVSS vector rates impact on confidentiality, integrity, and availability of the affected system. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Exploitation leaves two traces: an inbound request to the executor's `/run` endpoint whose JSON body sets `executorHandler` to `httpJobHandler` and carries a user-controlled URL in `executorParams`, and the resulting outbound HTTP request from the executor host to an internal or otherwise unexpected destination. Detection therefore combines request-log inspection on the executor with monitoring of its outbound connections. On the executor, search the application or access logs for `/run` calls that name `httpJobHandler` and examine the `executorParams` field for URLs pointing at private address ranges, loopback, link-local (including cloud metadata addresses), or hosts that are not on your expected list. On the network side, capture or log outbound connections from the executor host and alert on destinations it has no business contacting. Specific commands depend on your environment; on a Linux executor host, `tcpdump -i any -A 'tcp port 80 or tcp port 443'` shows outbound HTTP traffic (note that with `-A` only plaintext HTTP is readable; for HTTPS you will see the destination address and TLS SNI but not the request body, so rely on flow or proxy logs for those), and `grep -r 'httpJobHandler' /var/log/xxl-job/` finds relevant log entries if your executor logs under that path (adjust the path to wherever your deployment writes its logs). [3]
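Both the explanation of the flaw above (an unvalidated, attacker-controlled URL in `httpJobHandler`) and the detection guidance (flagging `/run` payloads whose `executorParams` point at internal targets) come down to one question: where does a given URL actually resolve to? The example below is added here and is not xxl-job project code; it implements that destination check with a scheme allow-list, an optional host allow-list, and a private/loopback/link-local test on every resolved address, then runs it over a few constructed `/run` request bodies to show what a detection pass would flag. The `url: ...` line format inside `executorParams`, the sample records, and the `FAKE_DNS` table used instead of real DNS are assumptions made so it runs offline.

```python
"""SSRF destination check and /run payload scan for xxl-job httpJobHandler.

Added example, not xxl-job project code. Assumptions (not from the page):
  * executorParams is 'key: value' lines, one of them 'url: <target>'
  * the sample records below mimic executor /run request bodies
  * FAKE_DNS stands in for real name resolution so the script runs offline
"""
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample /run request bodies (assumed shape).
SAMPLE_RUN_REQUESTS = [
    '{"jobId":1,"executorHandler":"httpJobHandler",'
    '"executorParams":"url: https://api.example.com/health\\nmethod: get"}',
    '{"jobId":2,"executorHandler":"httpJobHandler",'
    '"executorParams":"url: http://169.254.169.254/latest/meta-data/\\nmethod: get"}',
    '{"jobId":3,"executorHandler":"httpJobHandler",'
    '"executorParams":"url: http://intranet.corp/admin\\nmethod: post\\ndata: x=1"}',
    '{"jobId":4,"executorHandler":"httpJobHandler",'
    '"executorParams":"url: http://dual.example/\\nmethod: get"}',
    '{"jobId":5,"executorHandler":"demoJobHandler","executorParams":"hello"}',
]

# Constructed stand-in for DNS. A production check must resolve the name and
# then connect to the *same* resolved address (or pin it), otherwise a
# rebinding name can pass the check and later resolve to an internal host.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "intranet.corp": ["10.0.5.12"],
    "dual.example": ["93.184.216.34", "10.0.0.1"],  # one public, one private
}


def resolve(host):
    """Return the IP literals a host name maps to (literal IPs pass through)."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return FAKE_DNS.get(host, [])


def is_internal(ip_str):
    """True for any address an SSRF target should never be allowed to reach."""
    ip = ipaddress.ip_address(ip_str)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def classify_url(url, allowed_hosts=None):
    """Return ('allow'|'block', reason) for a URL an HTTP job would fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return "block", "scheme %r not allowed" % parts.scheme
    host = parts.hostname
    if not host:
        return "block", "no host in URL"
    if allowed_hosts is not None and host not in allowed_hosts:
        return "block", "host %r not on allow-list" % host
    addrs = resolve(host)
    if not addrs:
        return "block", "host %r does not resolve" % host
    # Every address counts: a name with one public and one private record
    # is still an internal target.
    for addr in addrs:
        if is_internal(addr):
            return "block", "resolves to internal address %s" % addr
    return "allow", "ok"


def url_from_params(params):
    """Pull the 'url:' line out of executorParams (assumed format)."""
    for line in params.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "url":
            return value.strip()
    return None


def scan_run_requests(records):
    """Detection pass: (jobId, url, reason) for httpJobHandler jobs aimed
    at internal or otherwise disallowed destinations."""
    findings = []
    for raw in records:
        rec = json.loads(raw)
        if rec.get("executorHandler") != "httpJobHandler":
            continue
        url = url_from_params(rec.get("executorParams", ""))
        if url is None:
            continue
        verdict, reason = classify_url(url)
        if verdict == "block":
            findings.append((rec.get("jobId"), url, reason))
    return findings


if __name__ == "__main__":
    for job_id, url, reason in scan_run_requests(SAMPLE_RUN_REQUESTS):
        print("job %s -> %s : %s" % (job_id, url, reason))
```

The same `classify_url` check is what a hardened handler would run before issuing the request; in the detection role it is run over logged payloads instead. Pass `allowed_hosts` when the set of legitimate HTTP job targets is known, which is the stronger control; the address-class test alone still lets an attacker reach arbitrary public hosts through the executor.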
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation is to stop untrusted parties from reaching the `httpJobHandler` code path: disable or remove the handler if it is not needed, and restrict who can reach the executor's `/run` endpoint and who can create or edit jobs in the admin console, since anyone with either can choose the target URL. At the time this entry was written no fixing release was listed, so upgrade to a version that addresses the issue once one is available; until then, treat the handler as an open HTTP proxy from the executor's network position. Compensating controls that reduce the blast radius are egress filtering on the executor host (allow outbound HTTP only to the destinations the jobs legitimately need), validating user-supplied URLs against an allow-list of hosts and rejecting anything that resolves to private, loopback, or link-local addresses (cloud metadata endpoints included), and alerting on outbound requests from the executor to unexpected destinations. [2]