CVE-2025-48780 PUBLISHED

Soar Cloud HRD Human Resource Management System - Deserialization of Untrusted Data

Assigner: ZUSO ART
Reserved: 26.05.2025 Published: 06.06.2025 Updated: 06.06.2025

A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H
CVSS Score: 9.9

Product Status

Vendor Soar Cloud System CO., LTD.
Product HRD Human Resource Management System
Versions Default: affected
  • affected from 0 to 7.3.2025.0408 (incl.)

References

Problem Types

  • CWE-502 Deserialization of Untrusted Data CWE