SecOps SOAR Server Remote Code Execution Vulnerability for Users with IDE Role

Vulnerability

A remote code execution vulnerability has been identified in the SecOps SOAR server, specifically within the custom integrations feature. This issue allows an authenticated user with an 'IDE role' to execute arbitrary code on the server. The vulnerability arises from inadequate validation of uploaded Python package code. An attacker could exploit this by uploading a package that includes a malicious setup.py file, which would be executed on the server during the installation process, potentially leading to a complete compromise of the server.
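An added example (not the vendor's code or its fix): a pre-install gate for the failure mode described above, which lists an uploaded archive's members and accepts only wheels, since building a source distribution runs its setup.py. The function and sample names are assumptions, and the sample archives are constructed in memory.

```python
import io
import tarfile
import zipfile

# Files that make an install run package-supplied code (setup.py, or a build backend).
BUILD_FILES = {"setup.py", "pyproject.toml"}

def check_upload(data: bytes) -> tuple[bool, str]:
    """Classify an uploaded archive by listing its members; nothing is extracted or run."""
    buf = io.BytesIO(data)
    is_zip = zipfile.is_zipfile(buf)
    try:
        if is_zip:
            with zipfile.ZipFile(buf) as zf:
                names = zf.namelist()
        else:
            buf.seek(0)
            with tarfile.open(fileobj=buf, mode="r:*") as tf:
                names = tf.getnames()
    except (zipfile.BadZipFile, tarfile.TarError, OSError, EOFError):
        return False, "unreadable archive"
    # Fail closed: a build file at the root or one directory down (sdist layout) rejects.
    found = sorted({n.split("/")[-1] for n in names
                    if n.count("/") <= 1 and n.split("/")[-1] in BUILD_FILES})
    if found:
        return False, "source distribution, install would run: " + ", ".join(found)
    has_wheel_meta = any(n.count("/") == 1 and n.endswith(".dist-info/WHEEL") for n in names)
    if is_zip and has_wheel_meta:
        return True, "wheel, no build step"
    return False, "not a wheel"

def sample_sdist() -> bytes:
    """Constructed sample: tar.gz source distribution with a harmless setup.py."""
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w:gz") as tf:
        body = b"from setuptools import setup\nsetup(name='demo')\n"
        info = tarfile.TarInfo("demo-1.0/setup.py")
        info.size = len(body)
        tf.addfile(info, io.BytesIO(body))
    return out.getvalue()

def sample_wheel() -> bytes:
    """Constructed sample: minimal wheel layout."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("demo/__init__.py", "")
        zf.writestr("demo-1.0.dist-info/WHEEL", "Wheel-Version: 1.0\n")
    return out.getvalue()
```

A wheel's modules still execute once the integration is imported, so this gate covers only install-time execution; pip's `--only-binary=:all:` option enforces the same wheel-only policy at install time.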

Impact

Exploitation of this vulnerability allows remote code execution: the attacker's code runs in the server's environment, potentially leading to a full server compromise.

Remediation

All customers have been automatically upgraded to the fixed version 6.3.64 or higher.

Added: Dec 9, 2025, 8:51 PM
Updated: Dec 9, 2025, 8:51 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 5.2
remediation: 7.7
relevance: 1.4
threat: 0.0
urgency: 0.0
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.