CVE-2025-15246

A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has be...

medium 6.3 CVSS 3.1

Published: Dec 30, 2025

Modified: Apr 15, 2026

Description

A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

References

https://gitee.com/aizuda/snail-job/
https://gitee.com/aizuda/snail-job/issues/ICQV61
https://vuldb.com/?ctiid.338636
https://vuldb.com/?id.338636

Version	3.1
Score	6.3 / 10
Severity	medium