CVE-2025-48780

Critical CVSS: 9.9

A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object.

Vendor

Scshr

Product

Hr Portal

CWE

CWE-502

Yayın Tarihi

2025-06-06 10:15:23

Güncelleme

2026-02-04 15:02:46

Source Identifier

ART@zuso.ai

KEV Date Added

Kategoriler

CWE-502 Hr Portal CRITICAL Scshr 2025

Referanslar

https://zuso.ai/advisory/za-2025-05

Benzer Kayıtlar

Critical

CVE-2025-48782

An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Res…

High

CVE-2025-48783

An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Mana…

High

CVE-2025-48784

A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 a…

Critical

CVE-2025-5192

A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource…

High

CVE-2025-48781

An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Ma…