CVE-2025-12305 MEDIUM

CVE-2025-12305: quequnlong shiyi-blog Job SysJobController.java deserialization

Vendor Quequnlong

Product shiyi-blog

Weakness CWE-502 · Unsafe deserialization

Published October 27, 2025

Last update October 27, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack can be executed remotely. The exploit has been made public and could be used.

Key dates

Disclosure timeline

October 27, 2025 CVE published

October 27, 2025 Record updated

Identifiers

CVE CVE-2025-12305

CWE CWE-502

CVSS 5.3 / MEDIUM

Affected versions

Vendor Quequnlong

Product shiyi-blog

Affected 1.2.0

Vendor Quequnlong

Product shiyi-blog

Affected 1.2.1