CVE-2025-11581 — PowerJob OpenAPIController is missing authorization

Description

A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

How to fix CVE-2025-11581

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

—no fix listed

Is CVE-2025-11581 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, <= 5.1.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2025-11581
PATCHgithub.com/PowerJob/PowerJob
WEBgithub.com/PowerJob/PowerJob/issues/1128
WEBvuldb.com/?ctiid.327903
WEBvuldb.com/?id.327903