cvedb.io
CVE-2025-48781
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2025-06-06T10:15:23.990 · Last modified 2026-06-17T09:30:17.847

Summary

An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain partial files by specifying arbitrary file paths.

Affected products

scshr — hr_portal

Does this affect you?

Add your gear to cvedb and we'll alert you only when scshr ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.