CVE-2025-14674
Unknown Unknown - Not Provided
Remote Code Injection in Aizuda Snail-Job QLExpressEngine

Publication date: 2025-12-14

Last updated on: 2026-02-24

Assigner: VulDB

Description
A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in injection. The attack can be launched remotely. Upgrading to version 1.7.0-beta1 addresses this issue. The patch is identified as 978f316c38b3d68bb74d2489b5e5f721f6675e86. The affected component should be upgraded.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-14
Last Modified
2026-02-24
Generated
2026-06-16
AI Q&A
2025-12-14
EPSS Evaluated
2026-06-14
NVD
CVE-2025-14674
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
aizuda snail-job 1.7.0-beta1
aizuda snail-job 1.6.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
CWE-707 The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-14674 is an expression injection vulnerability in the Snail-Job software (versions up to 1.6.0), specifically in the QLExpressEngine.doEval method. This method evaluates user-supplied expressions without sufficient security controls, allowing attackers to submit crafted expressions through the /workflow/check-node-expression API endpoint. These malicious expressions can bypass existing blacklists and lead to remote code execution (RCE) on the server, enabling attackers to run arbitrary commands remotely. [1, 3]

Impact Analysis

Exploitation of this vulnerability allows an attacker to execute arbitrary code remotely on the affected server. This can compromise the confidentiality, integrity, and availability of the system by enabling unauthorized command execution, potentially leading to full system compromise, data breaches, or service disruption. [1, 3]

Detection Guidance

This vulnerability can be detected by monitoring and analyzing requests to the `/workflow/check-node-expression` API endpoint, which is exploited by submitting crafted expressions to the QLExpressEngine.doEval method. Detection involves looking for suspicious or unusual expressions, especially those attempting JNDI lookups like `javax.naming.InitialContext.doLookup`. Network or application logs should be inspected for POST requests to this endpoint containing such payloads. Specific commands are not provided in the resources, but monitoring HTTP POST requests to `/workflow/check-node-expression` and searching for payloads containing `javax.naming.InitialContext.doLookup` or similar suspicious expressions is recommended. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade the affected Snail-Job software to version 1.7.0-beta1, which includes a patch fixing this vulnerability. Additionally, enhancing the blacklist to block dangerous expressions such as `javax.naming.InitialContext.doLookup` and implementing stricter input validation and sandboxing of expression evaluation are recommended to prevent exploitation. Applying the patch identified by commit 978f316c38b3d68bb74d2489b5e5f721f6675e86 is also advised if upgrading is not immediately possible. [1, 2, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14674. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart