CVE•Published 2025-10-10•1 article on news•6 live references•NVD data
CVE-2025-11580
Vulnerability data via CVEDB (Shodan)
CVSS v3.1
5.5
MEDIUM
EPSS percentile
59
Exploit Prediction Scoring System · top 41% of all CVEs
Description
A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Timeline
Published 2025-10-10
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
Shodan · vuln tag0 hosts
vuln:CVE-2025-11580Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product + version
product:"Powerjob Powerjob" version:"1.0.0"Version-pinned fingerprint from NVD's first vulnerable CPE.
Shodan · banner/body mention
http.html:"Powerjob"HTTP body or banner mentions "Powerjob" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2025-11580Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2025-11580Censys host search filtered to this CVE id.
grep.app
CVE-2025-11580Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2025-11580GitHub code search for direct mentions.
Google dork
"CVE-2025-11580" exploit -site:nvd.nist.govWrite-ups and news, NVD excluded.
Known PoCs on GitHub (3)
CVE-2025-115803 repos
lintsinghua/DeepAuditPython
DeepAudit:人人拥有的 AI 黑客战队,让漏洞挖掘触手可及。国内首个开源的代码漏洞挖掘多智能体系统。小白一键部署运行,自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署 ,一键生成报告。支持中转站。让安全不再昂贵,让审计不再复杂。
Ostorlab/KEVunknown
Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
k0yt/Awesome-InfoSec-TG-channelsPython
For the most part, these are RUS tg channels and assembled manually in channels.txt. The list of subscribers is updated every 12 hours.