CVE-2025-48782 PUBLISHED

Soar Cloud HRD Human Resource Management System - Unrestricted Upload of File with Dangerous Type

Assigner: ZUSO ART
Reserved: 26.05.2025 Published: 06.06.2025 Updated: 06.06.2025

An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H
CVSS Score: 9.9

Product Status

Vendor Soar Cloud System CO., LTD.
Product HRD Human Resource Management System
Versions Default: affected
  • affected from 0 to 7.3.2025.0408 (incl.)

References

Problem Types

  • CWE-434 Unrestricted Upload of File with Dangerous Type CWE