CVE-2025-2622
Published: 22 March 2025
Description
Adversaries may create or modify references in user document templates to conceal malicious code or force authentication attempts.
Security Summary
CVE-2025-2622 is a critical deserialization vulnerability in aizuda snail-job version 1.4.0, affecting the getRuntime function within the /snail-job/workflow/check-node-expression endpoint of the Workflow-Task Management Module. By manipulating the nodeExpression argument, an attacker can trigger deserialization of untrusted data, as classified under CWE-20 (Improper Input Validation) and CWE-502 (Deserialization of Untrusted Data). The vulnerability carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and was published on 2025-03-22.
An authenticated attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling arbitrary code execution or denial-of-service within the scope of the workflow task management component.
Advisories and further details are available in referenced sources, including Gitee issue tracker entries at https://gitee.com/aizuda/snail-job/issues/IBSQ24 and related notes, as well as VulDB entries at https://vuldb.com/?ctiid.300624, https://vuldb.com/?id.300624, and https://vuldb.com/?submit.518999. The exploit has been publicly disclosed and may be used by attackers.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2025-2622 enables remote code execution via SpEL injection in the workflow node expression validation endpoint of snail-job, facilitating exploitation of public-facing web applications (T1190) and template injection (T1221).
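A detection sketch for the endpoint described above, added here as an example (it is not code from snail-job or from the referenced advisories): it scans audit events for nodeExpression values that use SpEL type references, constructors or reflection-style calls. The JSON-lines event shape (user, path, body), the second path and all sample events are constructed assumptions; only the endpoint path, the parameter name and getRuntime come from the page.

```python
import json
import re

# Endpoint and parameter names as given in the advisory text.
ENDPOINT = "/snail-job/workflow/check-node-expression"
PARAM = "nodeExpression"

# SpEL constructs that reach beyond variables, literals and comparisons.
SUSPICIOUS = {
    "type-reference": re.compile(r"\bT\s*\("),
    "constructor": re.compile(r"\bnew\s+[A-Za-z_$][\w$.]*\s*\("),
    "reflection-call": re.compile(r"\b(getClass|forName|getRuntime|invoke)\s*\("),
}
# Single- or double-quoted SpEL string literal (a doubled quote escapes itself).
STRING_LITERAL = re.compile(r"'(?:[^']|'')*'|\"(?:[^\"]|\"\")*\"")

def classify(expression):
    """Return sorted names of the suspicious constructs found in one expression."""
    code = STRING_LITERAL.sub("''", expression)  # quoted text is data, not code
    return sorted(name for name, rx in SUSPICIOUS.items() if rx.search(code))

def scan(lines):
    """Return (user, expression, reasons) for each flagged request to ENDPOINT."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed log lines
        if not isinstance(event, dict) or event.get("path") != ENDPOINT:
            continue
        body = event.get("body")
        expr = body.get(PARAM) if isinstance(body, dict) else None
        reasons = classify(expr) if isinstance(expr, str) else []
        if reasons:
            findings.append((event.get("user"), expr, reasons))
    return findings

def _event(user, path, expr):  # builds one constructed audit event (assumed shape)
    return json.dumps({"user": user, "path": path, "body": {PARAM: expr}})

SAMPLE_LOG = [  # constructed sample data, not captured traffic
    _event("ops1", ENDPOINT, "#status == 'SUCCESS' && #retryCount < 3"),
    _event("ops1", ENDPOINT, "#note == 'call T(x) or new Foo() later'"),
    _event("dev7", ENDPOINT, "T(java.lang.Math).max(1, 2) > 1"),
    _event("dev7", ENDPOINT, "new java.lang.String('x').isEmpty()"),
    _event("dev7", "/example/other-endpoint", "T(java.lang.Math).max(1, 2)"),
    "not json",
]
```

`scan(SAMPLE_LOG)` returns the two dev7 requests to the endpoint; the second ops1 event is not flagged because its `T(` and `new` text sits inside a string literal.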