Medium severity 6.3 · GHSA Advisory · Published Dec 14, 2025 · Updated Apr 15, 2026
CVE-2025-14674
Description
A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in injection. The attack can be launched remotely. Upgrading to version 1.7.0-beta1 addresses this issue. The patch is identified as 978f316c38b3d68bb74d2489b5e5f721f6675e86. The affected component should be upgraded.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.aizuda:snail-job (Maven) | < 1.7.0-beta1 | 1.7.0-beta1 |
References
- github.com/advisories/GHSA-3f8c-8h8v-p54h (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-14674 (ghsa, ADVISORY)
- gitee.com/aizuda/snail-job/commit/978f316c38b3d68bb74d2489b5e5f721f6675e86 (nvd, WEB)
- gitee.com/aizuda/snail-job/issues/ICNUG0 (nvd, WEB)
- gitee.com/aizuda/snail-job/releases/tag/vsj1.7.0-beta1 (nvd, WEB)
- vuldb.com (nvd, WEB)