CVE-2025-48781 HIGH

CVE-2025-48781: Soar Cloud HRD Human Resource Management System - External Control of File Name or Path

Vendor Soar Cloud System Co., Ltd.
Product HRD Human Resource Management System
Weakness CWE-73
Published June 6, 2025
Last update June 6, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

What the vulnerability does

01Description

An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain partial files by specifying arbitrary file paths.

Key dates

02Disclosure timeline

June 6, 2025 CVE published
June 6, 2025 Record updated