Hr Portal
Missing authentication vulnerability in Soar Cloud HRD Human Resource Management System versions up to 7.3.2025.0408 that allows unauthenticated remote attackers to bypass authentication controls and access critical application functions. The vulnerability has a CVSS score of 7.5 (High) with high confidentiality impact, indicating attackers can read sensitive HR data without credentials. While specific KEV or active exploitation status is not confirmed in available data, the network-accessible nature (AV:N), lack of authentication requirement (PR:N), and criticality of HR systems suggest elevated real-world risk.
Missing authorization vulnerability in Soar Cloud HRD Human Resource Management System versions up to 7.3.2025.0408 that allows unauthenticated remote attackers to modify critical system settings without any credentials or user interaction. This is a high-severity integrity violation (CVSS 7.5) affecting HR management infrastructure; attackers can alter configurations that may impact payroll, employee records, access controls, and compliance functions. Attack complexity is low and no privileges are required (AC:L, PR:N), making this vulnerability immediately exploitable in real-world environments.
CVE-2025-48783 is an external control of file name or path vulnerability (CWE-73) in the delete file function of Soar Cloud HRD Human Resource Management System versions up to 7.3.2025.0408, allowing unauthenticated remote attackers to delete arbitrary files by manipulating file path parameters. The vulnerability has a CVSS score of 7.5 with high integrity impact, enabling attackers to perform unauthorized file deletion without authentication. Exploitation requires only network access and no user interaction, making this a significant threat to organizations using affected HRD system versions.
Critical remote code execution vulnerability in Soar Cloud HRD Human Resource Management System versions up to 7.3.2025.0408, stemming from unrestricted file uploads that bypass type validation. An unauthenticated remote attacker can upload a malicious file (e.g., executable, script) and execute arbitrary system commands with no user interaction required, achieving complete system compromise. With a CVSS score of 9.8 (critical) and an unauthenticated attack vector, this poses immediate and severe risk to all unpatched deployments.
A remote code execution vulnerability in the download file function of Soar Cloud HRD Human Resource Management System (CVSS 7.5) that allows remote attackers. High severity vulnerability requiring prompt remediation.
Critical remote code execution vulnerability in Soar Cloud HRD Human Resource Management System (versions through 7.3.2025.0408) caused by unsafe deserialization of untrusted data in the download file function. An unauthenticated remote attacker can exploit this to execute arbitrary system commands with no user interaction required, achieving complete compromise of confidentiality, integrity, and availability. The CVSS 9.8 severity and network-accessible attack vector indicate this is a high-priority threat requiring immediate patching.