CVE-2025-9918 - Vulnerability Details - OpenCVE

A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server (versions 6.3.54.0, 6.3.53.2, and all prior versions) allows an authenticated attacker with permissions to import Use Cases to achieve Remote Code Execution (RCE) via uploading a malicious ZIP archive containing path traversal sequences.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://cloud.google.com/chronicle/docs/security-bulletins#GCP-2025-049
https://cloud.google.com/support/bulletins?gcp-2025-049

History

Thu, 11 Sep 2025 07:45:00 +0000

Type	Values Removed	Values Added
Description		A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server (versions 6.3.54.0, 6.3.53.2, and all prior versions) allows an authenticated attacker with permissions to import Use Cases to achieve Remote Code Execution (RCE) via uploading a malicious ZIP archive containing path traversal sequences.
Title		Zip Slip in Google SecOps SOAR allows for Remote Code Execution
Weaknesses		CWE-22
References		https://cloud.google.com/chronicle/docs/security-bulletins#GCP-2025-049 https://cloud.google.com/support/bulletins?gcp-2025-049
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L'}`

MITRE

Status: PUBLISHED

Assigner: GoogleCloud

Published: 2025-09-11T07:37:50.010Z

Updated: 2025-09-11T07:37:50.010Z

Reserved: 2025-09-03T10:53:44.603Z

Link: CVE-2025-9918

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-09-11T08:15:40.057

Modified: 2025-09-11T08:15:40.057

Link: CVE-2025-9918

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-9918", "assignerOrgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c", "state": "PUBLISHED", "assignerShortName": "GoogleCloud", "dateReserved": "2025-09-03T10:53:44.603Z", "datePublished": "2025-09-11T07:37:50.010Z", "dateUpdated": "2025-09-11T07:37:50.010Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Google SecOps SOAR", "vendor": "Google Cloud", "versions": [{"lessThan": "6.3.54.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "6.3.53.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Jakub Domeracki"}, {"lang": "en", "type": "reporter", "value": "Tomas La\u017eauninkas"}], "datePublic": "2025-09-04T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server (versions 6.3.54.0, 6.3.53.2, and all prior versions) allows an authenticated attacker with permissions to import Use Cases to achieve Remote Code Execution (RCE) via uploading a malicious ZIP archive containing path traversal sequences.</span><br>"}], "value": "A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server (versions 6.3.54.0, 6.3.53.2, and all prior versions) allows an authenticated attacker with permissions to import Use Cases to achieve Remote Code Execution (RCE) via uploading a malicious ZIP archive containing path traversal sequences."}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f45cbf4e-4146-4068-b7e1-655ffc2c548c", "shortName": "GoogleCloud", "dateUpdated": "2025-09-11T07:37:50.010Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://cloud.google.com/support/bulletins?gcp-2025-049"}, {"tags": ["vendor-advisory"], "url": "https://cloud.google.com/chronicle/docs/security-bulletins#GCP-2025-049"}], "source": {"discovery": "UNKNOWN"}, "title": "Zip Slip in Google SecOps SOAR allows for Remote Code Execution", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Path Traversal vulnerability in the archive extraction component in Google SecOps SOAR Server (versions 6.3.54.0, 6.3.53.2, and all prior versions) allows an authenticated attacker with permissions to import Use Cases to achieve Remote Code Execution (RCE) via uploading a malicious ZIP archive containing path traversal sequences."}], "id": "CVE-2025-9918", "lastModified": "2025-09-11T08:15:40.057", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "f45cbf4e-4146-4068-b7e1-655ffc2c548c", "type": "Secondary"}]}, "published": "2025-09-11T08:15:40.057", "references": [{"source": "f45cbf4e-4146-4068-b7e1-655ffc2c548c", "url": "https://cloud.google.com/chronicle/docs/security-bulletins#GCP-2025-049"}, {"source": "f45cbf4e-4146-4068-b7e1-655ffc2c548c", "url": "https://cloud.google.com/support/bulletins?gcp-2025-049"}], "sourceIdentifier": "f45cbf4e-4146-4068-b7e1-655ffc2c548c", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "f45cbf4e-4146-4068-b7e1-655ffc2c548c", "type": "Secondary"}]}