CVE-2025-14674 | aizuda snail-job up to 1.6.0 QLExpressEngine.java QLExpressEngine.doEval injection (ICNUG0)

A vulnerability labeled as critical has been found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in injection.

This vulnerability is reported as CVE-2025-14674. The attack can be launched remotely. No exploit exists.

The affected component should be upgraded.VulDB Recent EntriesRead More