Unknown · Secops Soar Server · CVE-2025-13428
**Name of the Vulnerable Software and Affected Versions**
SecOps SOAR server versions prior to 6.3.64
**Description**
A flaw exists in the custom integrations feature of the SecOps SOAR server that allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (RCE). The issue stemmed from insufficient validation of uploaded Python package code. An attacker could upload a malicious Python package containing a malicious `setup.py` file, which would execute on the server during installation, potentially leading to server compromise.
**Recommendations**
Upgrade to version 6.3.64 or higher.