CVE-2025-14518: PowerJob has a server-side request forgery vulnerability in PingPongUtils.java

December 11, 2025

A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

References

github.com/PowerJob/PowerJob
github.com/PowerJob/PowerJob/issues/1144
github.com/PowerJob/PowerJob/issues/1144
github.com/advisories/GHSA-8xqm-6fj2-hfgf
nvd.nist.gov/vuln/detail/CVE-2025-14518
vuldb.com/?ctiid.335856
vuldb.com/?id.335856
vuldb.com/?submit.702896

Code Behaviors & Features

Detect and mitigate CVE-2025-14518 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →