CVE-2025-7789 – Xuxueli xxl-job Password Hashing Weakness

July 18, 2025

CVE ID : CVE-2025-7789

Published : July 18, 2025, 4:15 p.m. | 1 hour, 3 minutes ago

Description : A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insufficient computational effort. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Severity: 3.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7791 – PHPGurukul Online Security Guards Hiring System Cross-Site Scripting Vulnerability

Next Article CVE-2025-54079 – WeGIA SQL Injection Vulnerability

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Hitachi Energy Pledges $1B to Strengthen US Grid, Build Largest Transformer Plant in Virginia

How to debug a web app with Playwright MCP and GitHub Copilot

Between Strategy and Story: Thierry Chopain’s Creative Path

What You Need to Know About CSS Color Interpolation

Why browsers throttle JavaScript timers (and what to do about it)

Why browsers throttle JavaScript timers (and what to do about it)

How to create Google Gemini AI component in Total.js Flow

Drupal 11’s AI Features: What They Actually Mean for Your Team

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

Distribution Release: Linux Mint 22.2

CVE-2025-7789 – Xuxueli xxl-job Password Hashing Weakness

GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes

VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages

UK civil servants saved 24 minutes per day using Microsoft Copilot, saving two weeks each per year according to a new report

Effortless Content Publishing: A Developer’s Guide to Adobe Experience Manager

Postbot–An AI Bot that Generates Scripts for You

A Breach, an Apology, and a Pledge to Change: SK Chairman Breaks Silence on Telecom Cyberattack

CVE-2025-53614 – OpenVAS vulnerability in OpenVAS

DOOM: The Dark Ages rendered at 360p is proof if ever it were needed that DLSS 4 is pure witchcraft

How to Create a Custom Model Context Protocol (MCP) Client Using Gemini

CVE-2025-9672 – Rejseplanen App Android Manifest XML Component Export Vulnerability

CVE-2025-7789 – Xuxueli xxl-job Password Hashing Weakness

Related Posts