
Description

A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server (versions 6.3.54.0, 6.3.53.2, and all prior versions) allows an authenticated attacker with permissions to import Use Cases to achieve Remote Code Execution (RCE) via uploading a malicious ZIP archive containing path traversal sequences.

PUBLISHED Reserved 2025-09-03 | Published 2025-09-11 | Updated 2025-09-11 | Assigner GoogleCloud

HIGH: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status: unaffected

Any version before 6.3.54.0: affected

Any version before 6.3.53.2: affected

Credits

Jakub Domeracki (reporter)

Tomas Lažauninkas (reporter)

References

cloud.google.com/support/bulletins?gcp-2025-049 (vendor-advisory)

cloud.google.com/chronicle/docs/security-bulletins (vendor-advisory)

cve.org (CVE-2025-9918)

nvd.nist.gov (CVE-2025-9918)
