CVE-2025-11580

MEDIUM NUCLEI

Powerjob < 5.1.2 - Incorrect Authorization

Title source: rule

Description

A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

Nuclei Templates (1)

PowerJob List - Authorization Bypass

MEDIUMVERIFIEDby DhiyaneshDk

Shodan: title:"PowerJob"

FOFA: title="PowerJob"

References (5)

[Various Sources] https://github.com/PowerJob/PowerJob/

[Issue Tracking, Third Party Advisory] https://github.com/PowerJob/PowerJob/issues/1127

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.327902

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.327902

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.662446

Scores

CVSS v3 5.3

EPSS 0.0175

EPSS Percentile 82.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-863 CWE-862

Status published

Products (2)

powerjob/powerjob < 5.1.2

tech.powerjob/powerjob 0Maven

Published Oct 10, 2025

Tracked Since Feb 18, 2026