Soar Cloud HRD Human Resource Management System Deserialization Vulnerability Allowing Arbitrary Command Execution

Vulnerability

A deserialization of untrusted data vulnerability has been identified in the download file function of Soar Cloud HRD Human Resource Management System, affecting versions through 7.3.2025.0408. This vulnerability allows remote attackers to execute arbitrary system commands by sending a crafted serialized object.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of system commands on the server where Soar Cloud HRD is running.

Added: Jun 6, 2025, 10:21 AM
Updated: Jun 6, 2025, 10:21 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 7.4
remediation: 0.0
relevance: 0.1
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.