
CVE-2025-14674: Injection in aizuda snail-job

Severity: Medium
Published: Sun Dec 14 2025 (12/14/2025, 18:02:14 UTC)
Source: CVE Database V5
Vendor/Project: aizuda
Product: snail-job

Description

A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in injection. The attack can be launched remotely. Upgrading to version 1.7.0-beta1 addresses this issue. The patch is identified as 978f316c38b3d68bb74d2489b5e5f721f6675e86. The affected component should be upgraded.

AI-Powered Analysis

Last updated: 12/14/2025, 18:35:17 UTC

Technical Analysis

CVE-2025-14674 is an injection vulnerability in aizuda snail-job, specifically in the QLExpressEngine.doEval function of the snail-job-common-core module. This function evaluates QLExpress expressions (QLExpress is a Java expression-language engine), and because the input it evaluates is not handled properly, a remote attacker can inject expressions of their own. The vulnerability affects all versions up to 1.6.0 and, as described, requires neither authentication nor user interaction, so it is exploitable over the network. Injection into an expression evaluator typically lets an attacker execute arbitrary code or commands, manipulate data, or disrupt service availability. The issue was patched in version 1.7.0-beta1; the fix is commit 978f316c38b3d68bb74d2489b5e5f721f6675e86. The CVSS 4.0 vector indicates low attack complexity, no privileges required and no user interaction, but limited impact on confidentiality, integrity and availability. No exploitation in the wild has been reported, but the potential for remote code execution or data manipulation exists if the flaw is exploited. Organizations using snail-job for job scheduling or automation should treat this as a priority update.

Potential Impact

For European organizations, this vulnerability poses a moderate risk primarily to those using aizuda snail-job for task automation, job scheduling, or workflow orchestration. Exploitation could allow attackers to inject malicious expressions remotely, potentially leading to unauthorized code execution, data corruption, or service disruption. This could affect business continuity, data integrity, and confidentiality, especially in sectors relying heavily on automated processes such as manufacturing, finance, and IT services. The lack of required authentication increases the risk of exploitation by external attackers. While no active exploits are known, the presence of this vulnerability in critical automation infrastructure could be leveraged for lateral movement or persistence in targeted attacks. The impact is mitigated somewhat by the limited scope of the vulnerability and the availability of a patch, but organizations must act promptly to avoid operational and reputational damage.

Mitigation Recommendations

European organizations should immediately assess their use of aizuda snail-job and identify any deployments running versions 1.0 through 1.6.0. The primary mitigation is to upgrade to version 1.7.0-beta1 or later, which contains the official patch. Until the upgrade is applied, organizations should restrict network access to the snail-job service to trusted internal networks only, implement strict input validation and monitoring around the QLExpressEngine usage, and deploy intrusion detection systems to identify anomalous expression evaluations. Additionally, organizations should review logs for suspicious activity related to expression evaluation and consider isolating affected systems to limit potential lateral movement. Regularly updating software dependencies and applying security patches promptly is critical. Security teams should also educate developers and operators about the risks of injection vulnerabilities in expression evaluation engines and enforce secure coding practices to prevent similar issues.
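One concrete form of the "strict input validation around the QLExpressEngine usage" recommended above is an allowlist pre-validator placed in front of the evaluator, which accepts only literals, operators, the context variables the scheduler itself exposes and a short list of registered helper functions, and rejects everything else (member access, statement separators, unknown names). This is an added example, not code from the advisory or from the snail-job project; the token grammar, the context-variable names and the helper-function names are assumptions.

```python
import re

# Token grammar for the expression subset we allow (assumed: arithmetic, comparison,
# boolean logic, literals, function calls). A bare '.' or ';' never matches a named
# group and falls through to 'bad', so member access and statements are rejected.
TOKEN_RE = re.compile(r"""
    (?P<ws>\s+)
  | (?P<num>\d+(?:\.\d+)?)
  | (?P<str>"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*')
  | (?P<ident>[A-Za-z_][A-Za-z0-9_]*)
  | (?P<op>==|!=|<=|>=|&&|\|\||[-+*/%<>!(),])
  | (?P<bad>.)
""", re.VERBOSE)

LITERAL_KEYWORDS = {"true", "false", "null"}
ALLOWED_FUNCTIONS = {"abs", "max", "min"}  # hypothetical helpers the job context registers


class ExpressionRejected(ValueError):
    """Raised when an expression uses anything outside the allowlist."""


def validate_expression(expr: str, context_vars: set[str], max_len: int = 256) -> list[str]:
    """Return the token list of `expr` if every construct is allowlisted; raise otherwise."""
    if len(expr) > max_len:
        raise ExpressionRejected("expression too long")
    tokens, pos, depth = [], 0, 0
    while pos < len(expr):
        m = TOKEN_RE.match(expr, pos)
        kind, text, pos = m.lastgroup, m.group(), m.end()
        if kind == "ws":
            continue
        if kind == "bad":
            raise ExpressionRejected(f"disallowed character {text!r}")
        if kind == "ident":
            # A name followed by '(' is a call: only registered helpers may be called.
            # Any other bare name must be a context variable or a literal keyword.
            if expr[pos:].lstrip().startswith("("):
                if text not in ALLOWED_FUNCTIONS:
                    raise ExpressionRejected(f"call to non-allowlisted function {text!r}")
            elif text not in context_vars and text not in LITERAL_KEYWORDS:
                raise ExpressionRejected(f"unknown identifier {text!r}")
        if kind == "op" and text in "()":
            depth += 1 if text == "(" else -1
            if depth < 0:
                raise ExpressionRejected("unbalanced parentheses")
        tokens.append(text)
    if depth != 0:
        raise ExpressionRejected("unbalanced parentheses")
    return tokens


def is_safe_expression(expr: str, context_vars: set[str]) -> bool:
    """Boolean wrapper for callers that only need an accept/reject decision."""
    try:
        validate_expression(expr, context_vars)
        return True
    except ExpressionRejected:
        return False
```

Run the check before the expression reaches the engine, and log the rejection reason so that rejected expressions show up in the monitoring the recommendation above calls for.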


Technical Details

Data Version: 5.2
Assigner Short Name: VulDB
Date Reserved: 2025-12-13T16:42:54.308Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 693effcdb0f1e1d53011dae4

Added to database: 12/14/2025, 6:19:57 PM

Last enriched: 12/14/2025, 6:35:17 PM

Last updated: 12/15/2025, 5:51:16 AM
