quequnlong shiyi-blog <1.2.1: Job Handler Deserialization Remote
CVE-2025-12305 Published on October 27, 2025
quequnlong shiyi-blog Job SysJobController.java deserialization
A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack can be executed remotely. The exploit has been made public and could be used.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2025-12305 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2025-12305
Want to know whenever a new CVE is published for Quequnlong Shiyi Blog? stack.watch will email you.
Affected Versions
quequnlong shiyi-blog:- Version 1.2.0 is affected.
- Version 1.2.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.