CVE-2025-48782

EUVD-2025-17100 | CRITICAL
Published: 2025-06-06 | Source: [email protected]
CVSS 3.1 base score: 9.8

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 18:10 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 18:10 (euvd), EUVD-2025-17100
CVE Published: Jun 06, 2025 10:15 (nvd), CRITICAL 9.8

Description

An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file.

Analysis

Critical remote code execution vulnerability in Soar Cloud HRD Human Resource Management System versions up to 7.3.2025.0408, stemming from unrestricted file uploads that bypass type validation. An unauthenticated remote attacker can upload a malicious file (e.g., executable, script) and execute arbitrary system commands with no user interaction required, achieving complete system compromise. With a CVSS score of 9.8 (critical) and an unauthenticated attack vector, this poses immediate and severe risk to all unpatched deployments.

Technical Context

This vulnerability stems from improper input validation in the file upload functionality (CWE-434: Unrestricted Upload of File with Dangerous Type). The HRD system fails to adequately validate, sanitize, or restrict uploaded file types before storing or processing them, allowing an attacker to bypass file type checks through various techniques (e.g., double extensions, MIME type spoofing, null byte injection, or polyglot files). Once uploaded, the dangerous file can be executed by the web server or through direct access, resulting in Remote Code Execution (RCE). The vulnerability affects Soar Cloud HRD versions through 7.3.2025.0408, a human resource management application that likely processes employee documents and records. CPE identification would be: cpe:2.3:a:soar:cloud_hrd:*:*:*:*:*:*:*:* (versions <=7.3.2025.0408).

Affected Products

Soar Cloud HRD Human Resource Management System version 7.3.2025.0408 and all earlier versions. The vulnerability affects any deployment of this product line up to and including the April 8, 2025 build. There is no evidence that versions after 7.3.2025.0408 have been released or verified as patched; refer to Soar vendor security advisories for definitive patch information. Affected organizations should identify all instances of HRD in their environment and prioritize patching. If vendor advisory links are available, consult them for version-specific patch availability and deployment guidance.

Remediation

Immediate actions:

1. If a patch version beyond 7.3.2025.0408 is available from Soar, apply it immediately.
2. As a temporary workaround, restrict file upload functionality at the web application firewall or reverse proxy level, either by blocking HTTP POST/PUT requests to upload endpoints or by enforcing strict MIME type and file extension allowlists (permit only the expected document types: PDF, DOCX, XLSX, etc.).
3. Implement file type validation on both client and server side using magic number (file signature) verification, not just the extension or the MIME type header.
4. Store uploaded files outside the web-accessible directory and serve them through a controlled handler that validates and sanitizes before delivery.
5. Disable script execution in the upload directory via web server configuration (e.g., Apache .htaccess or nginx location blocks).
6. Apply the principle of least privilege to the web server process to limit the impact of RCE.
7. Monitor upload directories for suspicious files and audit web server logs for POST requests to upload endpoints.

Consult Soar's official security advisory for definitive patch versions and deployment procedures.
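The following is an added illustration of remediation steps (2) through (4) as a server-side upload validator; it is constructed for this page and is not code from Soar Cloud HRD or from the vuln.today analysis. The extension allowlist, the file signatures, the size cap, the `validate_upload`/`store_upload` names and the assumption that `upload_root` lies outside the web root are all choices made for the example. Note that only the server-side check is a security control: client-side validation improves usability but is trivially skipped, so the client-supplied filename and Content-Type are treated here as untrusted hints that can only cause a rejection, never an acceptance.

```python
"""Server-side upload validator (constructed example, not Soar Cloud HRD code).

Shows an extension allowlist, magic-number (file signature) verification of the
actual bytes, filename hygiene against null bytes and path components, and
storage under a random name outside the web root with no execute bit.
"""
import os
import secrets
from dataclasses import dataclass
from pathlib import PurePosixPath
from typing import Optional

# Allowlist: extension -> (expected Content-Type, signature at offset 0).
# DOCX and XLSX are ZIP containers, so both carry the ZIP local-file-header magic.
ALLOWED_TYPES = {
    "pdf": ("application/pdf", b"%PDF-"),
    "docx": ("application/vnd.openxmlformats-officedocument.wordprocessingml.document", b"PK\x03\x04"),
    "xlsx": ("application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", b"PK\x03\x04"),
    "png": ("image/png", b"\x89PNG\r\n\x1a\n"),
}
MAX_BYTES = 10 * 1024 * 1024  # hypothetical size cap chosen for this example


@dataclass
class UploadDecision:
    accepted: bool
    reason: str
    stored_name: Optional[str] = None  # random name; never the client's filename


def validate_upload(filename: str, content_type: str, data: bytes) -> UploadDecision:
    """Decide whether an upload may be stored. Every check is on the server."""
    # 1. Filename hygiene: embedded NULs and path separators are rejected outright.
    if "\x00" in filename or "/" in filename or "\\" in filename:
        return UploadDecision(False, "filename contains null byte or path separator")
    name = PurePosixPath(filename).name
    if name in ("", ".", ".."):
        return UploadDecision(False, "empty or dot filename")
    # 2. Extension allowlist. Only the final suffix counts; intermediate suffixes
    #    ("report.php.pdf") are irrelevant because the stored name is generated below.
    ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
    if ext not in ALLOWED_TYPES:
        return UploadDecision(False, f"extension not allowed: {ext!r}")
    expected_ct, magic = ALLOWED_TYPES[ext]
    # 3. Declared Content-Type must agree with the extension. It is client-controlled,
    #    so a mismatch rejects, but a match proves nothing on its own.
    if content_type.split(";")[0].strip().lower() != expected_ct:
        return UploadDecision(False, "content-type does not match extension")
    # 4. Size cap and magic-number check on the bytes actually received.
    if len(data) > MAX_BYTES:
        return UploadDecision(False, "file too large")
    if not data.startswith(magic):
        return UploadDecision(False, "file signature does not match extension")
    # 5. Random storage name carrying only the validated extension.
    return UploadDecision(True, "ok", f"{secrets.token_hex(16)}.{ext}")


def store_upload(decision: UploadDecision, data: bytes, upload_root: str) -> str:
    """Write an accepted upload under upload_root, which is assumed to be outside
    the web root. The file is created exclusively, owner read/write only."""
    if not decision.accepted or decision.stored_name is None:
        raise ValueError("refusing to store a rejected upload")
    path = os.path.join(upload_root, decision.stored_name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    # Constructed samples: a genuine-looking PDF header and a text file renamed to .pdf.
    print(validate_upload("review.pdf", "application/pdf", b"%PDF-1.7\n"))
    print(validate_upload("review.pdf", "application/pdf", b"just text"))
    print(validate_upload("review.pdf\x00.txt", "application/pdf", b"%PDF-1.7\n"))
```

The validator returns a decision object rather than raising, so the calling handler can log the rejection reason (useful for step (7), monitoring the upload endpoint) without leaking it to the client. Serving the stored file back should go through a handler that sets an explicit Content-Type and `Content-Disposition: attachment`, never through a static file path under the document root.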

Priority Score

49 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.2
CVSS: +49
POC: 0
