PT-2025-49804 · Unknown · Secops Soar Server
Jeppe Weikop · Published 2025-12-09 · Updated 2025-12-09 · CVE-2025-13428
CVSS v4.0: 8.6 (High)
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear |
Name of the Vulnerable Software and Affected Versions
SecOps SOAR server versions prior to 6.3.64
Description
A flaw exists in the custom integrations feature of the SecOps SOAR server that allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (RCE). The issue stemmed from insufficient validation of uploaded Python package code. An attacker could upload a malicious Python package containing a malicious setup.py file, which would execute on the server during installation, potentially leading to server compromise.
Recommendations
Upgrade to version 6.3.64 or higher.
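A pre-install check for the mechanism in the description, as an added example that is not part of the advisory and not the vendor's fix: it inspects an uploaded archive without extracting it and refuses anything that would run a setup.py at install time. The function names, the wheel-only policy and the sample archives are assumptions constructed for illustration.

```python
import io
import tarfile
import zipfile

def list_members(data: bytes) -> list[str]:
    """Return member names of a zip or tar archive without extracting it."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            return zf.namelist()
    buf.seek(0)
    try:
        with tarfile.open(fileobj=buf, mode="r:*") as tf:
            return tf.getnames()
    except tarfile.TarError as exc:
        raise ValueError("not a zip or tar archive") from exc

def review_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Hypothetical policy: accept wheels only, refuse anything that needs a build."""
    names = list_members(data)
    scripts = [n for n in names if n.rsplit("/", 1)[-1] == "setup.py"]
    if filename.endswith(".whl") and any(n.endswith(".dist-info/WHEEL") for n in names):
        # Wheels are unpacked, not built; package code still runs once imported.
        return True, "wheel: no setup.py is executed at install time"
    if scripts:
        return False, "install would execute: " + ", ".join(scripts)
    return False, "not a wheel: source builds are refused"

def make_sdist() -> bytes:
    """Constructed sample: source archive with a harmless setup.py."""
    out = io.BytesIO()
    body = b"from setuptools import setup\nsetup(name='demo')\n"
    with tarfile.open(fileobj=out, mode="w:gz") as tf:
        info = tarfile.TarInfo("demo-1.0/setup.py")
        info.size = len(body)
        tf.addfile(info, io.BytesIO(body))
    return out.getvalue()

def make_wheel() -> bytes:
    """Constructed sample: minimal wheel layout."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("demo/__init__.py", "")
        zf.writestr("demo-1.0.dist-info/WHEEL", "Wheel-Version: 1.0\n")
    return out.getvalue()

if __name__ == "__main__":
    print(review_upload("demo-1.0.tar.gz", make_sdist()))
    print(review_upload("demo-1.0-py3-none-any.whl", make_wheel()))
```

A check like this addresses install-time execution only; it complements, and does not replace, the upgrade to 6.3.64 or higher.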
Fix
RCE
Affected Products
Secops Soar Server