| ZUSOART ID |
ZA-2025-07 |
| CVE ID |
CVE-2025-48782 |
| Vulnerability Type |
CWE-434: Unrestricted Upload of File with Dangerous Type |
| CVSS 4.0 Base |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H(9.9) |
| Description |
An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file. |
| Vendor |
Soar Cloud System CO., LTD. |
| Product |
| Category |
Version affected |
| HRD Human Resource Management System |
through 7.3.2025.0408 |
|
| Product Support |
Contact Soar Cloud for version updates. |
| Release date |
2025/06/06 |
| Credit |
Yen Chun Shen (YC Shen) of ZUSO ART |
