XXL-Job 3.1.1 TokenGen Weak Hash Remotely
CVE-2025-7789 Published on July 18, 2025
Xuxueli xxl-job Token Generation IndexController.java makeToken weak password hash
A vulnerability classified as problematic was found in Xuxueli xxl-job up to 3.1.1. It affects the function makeToken in the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the Token Generation component. The manipulation results in a password hash computed with insufficient computational effort. The attack may be launched remotely. The attack complexity is rather high, and exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
Use of Password Hash With Insufficient Computational Effort
The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
Inadequate Encryption Strength
The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.
Products Associated with CVE-2025-7789
Affected Versions
Xuxueli xxl-job:
- Version 3.1.0 is affected.
- Version 3.1.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.