CVE-2025-13428 | THREATINT

Description

A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (RCE) in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containing a malicious setup.py file, which would execute on the server during the installation process, leading to potential server compromise. No customer action is required. All customers have been automatically upgraded to the fixed version: 6.3.64 or higher.

PUBLISHED Reserved 2025-11-19 | Published 2025-12-09 | Updated 2025-12-09 | Assigner GoogleCloud

HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Clear

Problem types

CWE-20 Improper Input Validation

Product status

Default status

unaffected

Any version

affected

Credits

Jeppe Weikop finder

References

cloud.google.com/support/bulletins

cve.org (CVE-2025-13428)

nvd.nist.gov (CVE-2025-13428)

Download JSON