CVE-2025-9918

high

Description

A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server (versions 6.3.54.0, 6.3.53.2, and all prior versions) allows an authenticated attacker with permissions to import Use Cases to achieve Remote Code Execution (RCE) via uploading a malicious ZIP archive containing path traversal sequences.

References

Advisories
References

https://cloud.google.com/support/bulletins?gcp-2025-049

https://cloud.google.com/chronicle/docs/security-bulletins#GCP-2025-049

https://cloud.google.com/support/bulletins/index#gcp-2025-049

Details

Source: Mitre, NVD

Published: 2025-09-11

Updated: 2025-09-11

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 8.7

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Severity: High

EPSS

EPSS: 0.00402