← Back

CVE-2025-48781

nvd nist
Published: Jun 6, 2025Modified: Feb 4, 2026

JSON object

Loading...
8.7
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: ART@zuso.ai (Secondary)

Description

An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain partial files by specifying arbitrary file paths.

Affected (1)

Products: Scshr: Hr Portal
Scshr
1 product
Hr Portal
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Hr Portal
Up to 7.3.2025.0408

Related CWEs

CWE-73
External Control of File Name or Path
The product allows user input to control or influence paths or file names that are used in filesystem operations.

References (1)

Source: ART@zuso.ai
Third Party Advisory

Timeline

No history available yet.