CVE-2025-48781
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-02-04
Assigner: ZUSO Advanced Research Team (ZUSO ART)
Description
Description
An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain partial files by specifying arbitrary file paths.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| scshr | hr_portal | to 7.3.2025.0408 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an external control of file name or path issue in the download file function of the Soar Cloud HRD Human Resource Management System up to version 7.3.2025.0408. It allows remote attackers to specify arbitrary file paths and obtain partial files from the system.
How can this vulnerability impact me? :
The vulnerability can allow remote attackers to access partial files by specifying arbitrary file paths, potentially leading to unauthorized disclosure of sensitive information stored on the system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70