CVE-2025-11581: PowerJob OpenAPIController is missing authorization

October 10, 2025 (updated October 27, 2025)

A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

References

github.com/PowerJob/PowerJob
github.com/PowerJob/PowerJob/issues/1128
github.com/advisories/GHSA-9wq6-87hw-6mhc
nvd.nist.gov/vuln/detail/CVE-2025-11581
vuldb.com/?ctiid.327903
vuldb.com/?id.327903
vuldb.com/?submit.662558

Code Behaviors & Features

Detect and mitigate CVE-2025-11581 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →