What is the CVSS score of EUVD-2025-17101?

EUVD-2025-17101 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.1%.

Which versions of Hr Portal are affected by EUVD-2025-17101?

A path traversal vulnerability in Soar Cloud HRD allows attackers to download arbitrary files from affected systems, potentially exposing sensitive employee data, financial records, and confidential…

How to fix or mitigate EUVD-2025-17101?

Within 24 hours: Inventory all Soar Cloud HRD instances and document affected versions; disable the download file function if operationally feasible or restrict access to trusted networks only. Within 7 days: Implement network segmentation to limit HRD system access, deploy WAF rules to block path traversal patterns (../, ..\ encoding variants), and review access logs for suspicious download activity. Within 30 days: Contact Soar Cloud for patch availability; evaluate alternative HRD solutions; conduct forensic audit of downloaded files to assess data compromise.

Hr Portal EUVD-2025-17101

| CVE-2025-48781 HIGH

External Control of File Name or Path (CWE-73)

2025-06-06 ART@zuso.ai

Information Disclosure Hr Portal

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 18:10 euvd

EUVD-2025-17101

Analysis Generated

Mar 14, 2026 - 18:10 vuln.today

CVE Published

Jun 06, 2025 - 10:15 nvd

HIGH 7.5

DescriptionCVE.org

An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain partial files by specifying arbitrary file paths.

AnalysisAI

A remote code execution vulnerability in the download file function of Soar Cloud HRD Human Resource Management System (CVSS 7.5) that allows remote attackers. High severity vulnerability requiring prompt remediation.

Technical ContextAI

Vulnerability type: remote code execution. CVSS 7.5 indicates high severity. Affects the download file function of Soar Cloud HRD Human Resource Management System.

RemediationAI

Monitor vendor channels for patch availability.

EUVD-2025-17101 vulnerability details – vuln.today

Back

Hr Portal EUVD-2025-17101

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code