What is the CVSS score of EUVD-2025-17102?

EUVD-2025-17102 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.6%.

Which versions of Hr Portal are affected by EUVD-2025-17102?

A critical vulnerability in Soar Cloud HRD versions up to 7.3.2025.0408 allows unauthenticated remote attackers to execute arbitrary commands on affected systems through a file download function.

How to fix or mitigate EUVD-2025-17102?

Within 24 hours: Identify all instances of Soar Cloud HRD in your environment and isolate systems from internet access if possible; enable enhanced logging and monitoring on affected servers. Within 7 days: Implement network-based access controls restricting download function endpoints to trusted IP ranges only; deploy WAF rules to block suspicious serialized object patterns; consider disabling the download feature if operationally feasible. Within 30 days: Contact vendor for patch availability and timeline; evaluate alternative HR systems if remediation timeline is unacceptable; conduct forensic analysis for signs of exploitation.

Hr Portal EUVD-2025-17102

| CVE-2025-48780 CRITICAL

Deserialization of Untrusted Data (CWE-502)

2025-06-06 ART@zuso.ai

Deserialization Hr Portal

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 18:10 euvd

EUVD-2025-17102

Analysis Generated

Mar 14, 2026 - 18:10 vuln.today

CVE Published

Jun 06, 2025 - 10:15 nvd

CRITICAL 9.8

DescriptionCVE.org

A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object.

AnalysisAI

Critical remote code execution vulnerability in Soar Cloud HRD Human Resource Management System (versions through 7.3.2025.0408) caused by unsafe deserialization of untrusted data in the download file function. An unauthenticated remote attacker can exploit this to execute arbitrary system commands with no user interaction required, achieving complete compromise of confidentiality, integrity, and availability. The CVSS 9.8 severity and network-accessible attack vector indicate this is a high-priority threat requiring immediate patching.

Technical ContextAI

The vulnerability resides in CWE-502 (Deserialization of Untrusted Data), a class of flaw where applications deserialize serialized objects from untrusted sources without proper validation. In this case, the Soar Cloud HRD 'download file function' accepts serialized objects (likely Java serialized objects or similar binary formats) and deserializes them directly. An attacker crafts a malicious serialized object containing gadget chains (common Java deserialization gadgets from libraries like Apache Commons Collections, Spring Framework, or similar) that trigger arbitrary command execution during object instantiation. The affected product is Soar Cloud HRD (CPE context: enterprise HR management platform), which processes file downloads and likely uses a serialization framework for inter-component communication or state management. The lack of input validation or signature verification on serialized data allows the attack to succeed.

EUVD-2025-17102 vulnerability details – vuln.today

Back

Hr Portal EUVD-2025-17102

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Share

External POC / Exploit Code