CVE-2025-11580
Published 2025-10-10
Priority P3 · 42 · medium · 5.3 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 1.03% (59.3th percentile)
A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| powerjob | powerjob | <= 5.1.2 | — |
| powerjob | powerjob | — | — |
| powerjob | powerjob | — | — |
| powerjob | powerjob | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v4.0 | 5.5 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
OSV
PowerJob has Missing Authorization in its /user/list file
osv·2025-10-10
CVE-2025-11580 [MEDIUM] PowerJob has Missing Authorization in its /user/list file
A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
GHSA
PowerJob has Missing Authorization in its /user/list file
ghsa·2025-10-10
CVE-2025-11580 [MEDIUM] CWE-862 PowerJob has Missing Authorization in its /user/list file
A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
No detection rules found.
Nuclei
PowerJob List - Authorization Bypass
nuclei·CVSS 5.5
CVE-2025-11580 [MEDIUM] PowerJob List - Authorization Bypass
PowerJob <= 5.1.2 contains a broken access control caused by missing authorization in /user/list function, letting remote attackers access unauthorized resources, exploit requires no special privileges.
Template:
```yaml
id: CVE-2025-11580
info:
  name: PowerJob List - Authorization Bypass
  author: DhiyaneshDk
  severity: medium
  description: |
    PowerJob <= 5.1.2 contains a broken access control caused by missing authorization in /user/list function, letting remote attackers access unauthorized resources, exploit requires no special privileges.
  impact: |
    Remote attackers can access unauthorized resources, potentially leading to data exposure or privilege escalation.
  remediation: |
    Update to the latest version beyond 5.1.2.
  reference:
    - https://github.com/PowerJob/Po
```
No writeups or analysis indexed.
2025-10-10
Published