CVE-2025-48780 CRITICAL

CVE-2025-48780: Soar Cloud HRD Human Resource Management System - Deserialization of Untrusted Data

Vendor Soar Cloud System Co., Ltd.
Product HRD Human Resource Management System
Weakness CWE-502 · Unsafe deserialization
Published June 6, 2025
Last update June 6, 2025
View on NVD All CVEs

CVSS base score

9.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H

What the vulnerability does

01Description

A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object.

Key dates

02Disclosure timeline

June 6, 2025 CVE published
June 6, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-35216 Deserialization of Untrusted Data in Resource Controls Remote Code Execution CVE-2025-14920 Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability CVE-2025-30892 WordPress WpTravelly Plugin <= 1.8.7 - PHP Object Injection vulnerability CVE-2025-43846 GHSL-2025-016_Retrieval-based-Voice-Conversion-WebUI CVE-2026-40860 Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp