CVE-2025-48782

Critical CVSS: 9.9

An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file.

Vendor

Scshr

Product

Hr Portal

CWE

CWE-434

Yayın Tarihi

2025-06-06 10:15:24

Güncelleme

2026-02-04 14:38:52

Source Identifier

ART@zuso.ai

KEV Date Added

Kategoriler

CWE-434 Hr Portal CRITICAL Scshr 2025

Referanslar

https://zuso.ai/advisory/za-2025-07

Benzer Kayıtlar

High

CVE-2025-48783

An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Mana…

High

CVE-2025-48784

A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 a…

Critical

CVE-2025-5192

A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource…

Critical

CVE-2025-48780

A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Managem…

High

CVE-2025-48781

An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Ma…