2025-06-06

Soar Cloud HRD Human Resource Management System - Deserialization of Untrusted Data

ZUSOART ID ZA-2025-05
CVE ID CVE-2025-48780
Vulnerability Type CWE-502: Deserialization of Untrusted Data
CVSS 4.0 Base CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H(9.9)
Description A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object.
Vendor Soar Cloud System CO., LTD.
Product
Category Version affected
HRD Human Resource Management System through 7.3.2025.0408
Product Support Contact Soar Cloud for version updates.
Release date 2025/06/06
Credit Yen Chun Shen (YC Shen) of ZUSO ART
top