CVE-2025-11580 is a security vulnerability identified in PowerJob, an open-source distributed task scheduling framework, affecting versions 5.1.0 through 5.1.2. The vulnerability arises due to missing authorization checks on the /user/list API endpoint, which is intended to provide a list of users. Because the authorization mechanism is absent or improperly implemented, remote attackers can invoke this endpoint without authentication or permission, thereby gaining unauthorized access to potentially sensitive user information. The vulnerability is remotely exploitable without any user interaction or privileges, making it straightforward to abuse. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P) indicates network attack vector, low attack complexity, no privileges or user interaction required, and partial impact on confidentiality. Although the vulnerability does not directly affect integrity or availability, the unauthorized disclosure of user data can facilitate further attacks such as social engineering or privilege escalation. The exploit code has been publicly disclosed, increasing the likelihood of exploitation despite no current reports of active exploitation in the wild. No official patches have been linked yet, so mitigation relies on access control and monitoring. This vulnerability highlights the critical need for proper authorization enforcement in API endpoints, especially those exposing user data.

The primary impact of CVE-2025-11580 is unauthorized disclosure of user information due to missing authorization on the /user/list endpoint. This can lead to confidentiality breaches, exposing usernames or other user-related data that could be leveraged for further attacks such as phishing, credential stuffing, or privilege escalation attempts. While the vulnerability does not directly compromise system integrity or availability, the exposure of user data can weaken overall security posture and increase risk of subsequent attacks. Organizations relying on PowerJob for task scheduling in critical environments may face increased risk of targeted attacks if adversaries gain insight into user accounts. The ease of exploitation (no authentication or user interaction required) and public availability of exploit code elevate the threat level. However, the scope is limited to systems running vulnerable PowerJob versions and exposing the affected endpoint to untrusted networks. Without mitigation, attackers could remotely enumerate users, potentially aiding reconnaissance and lateral movement within affected environments.

1. Immediately restrict network access to the /user/list endpoint by implementing firewall rules or network segmentation to limit exposure to trusted internal networks only. 2. If possible, disable or restrict the /user/list API endpoint until a vendor patch is available. 3. Monitor logs and network traffic for unusual or unauthorized access attempts to the /user/list endpoint to detect exploitation attempts early. 4. Apply principle of least privilege by ensuring that only authorized users and systems can access sensitive API endpoints. 5. Stay updated with PowerJob vendor announcements and apply official patches or updates as soon as they are released. 6. Implement Web Application Firewall (WAF) rules to detect and block unauthorized requests targeting the vulnerable endpoint. 7. Conduct internal audits of API authorization mechanisms across all endpoints to prevent similar authorization bypass issues. 8. Educate development and security teams about secure API design and the importance of robust authorization checks.