CVE-2025-48782 | THREATINT

Description

An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file.

PUBLISHED Reserved 2025-05-26 | Published 2025-06-06 | Updated 2025-06-06 | Assigner ZUSO ART

CRITICAL: 9.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status

affected

Any version

affected

References

zuso.ai/advisory/za-2025-07 third-party-advisory

cve.org (CVE-2025-48782)

nvd.nist.gov (CVE-2025-48782)

Download JSON