CVE-2025-13250

Published: Nov 16, 2025Modified: Apr 29, 2026

2.1

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of the component Job Handler. Performing manipulation results in improper access controls. The attack may be initiated remotely. The exploit is now public and may be used.

Affected (1)

Products: Datax Web Project: Datax Web

Datax Web Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Datax Web Project Datax Web	Up to 2.1.2

Related CWEs

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

https://github.com/Xzzz111/exps/blob/main/archives/datax-web-broken-access-control-1/report.md

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.332584

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.332584

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.687604

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

Timeline

No history available yet.