CVE-2025-5192

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

A

missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication and access application functions.

References

Link	Resource
https://zuso.ai/advisory/za-2025-04	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:scshr:hr_portal:*:*:*:*:*:*:*:*

History

04 Feb 2026, 14:28

Type	Values Removed	Values Added
First Time		Scshr Scshr hr Portal
References	~~() https://zuso.ai/advisory/za-2025-04 -~~	() https://zuso.ai/advisory/za-2025-04 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
Summary		(es) Una vulnerabilidad de autenticación faltante para funciones críticas en la aplicación cliente de Soar Cloud HRD Human Resource Management System hasta la versión 7.3.2025.0408 permite a atacantes remotos eludir la autenticación y acceder a las funciones de la aplicación.
CPE		cpe:2.3:a:scshr:hr_portal::::::::

06 Jun 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-06 10:15

Updated : 2026-02-04 14:28

NVD link : CVE-2025-5192

Mitre link : CVE-2025-5192

CVE.ORG link : CVE-2025-5192

JSON object : View

Products Affected

hr_portal

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2025-5192", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-06T10:15:24.630", "references": [{"url": "https://zuso.ai/advisory/za-2025-04", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication and access application functions."}, {"lang": "es", "value": "Una vulnerabilidad de autenticaci\u00f3n faltante para funciones cr\u00edticas en la aplicaci\u00f3n cliente de Soar Cloud HRD Human Resource Management System hasta la versi\u00f3n 7.3.2025.0408 permite a atacantes remotos eludir la autenticaci\u00f3n y acceder a las funciones de la aplicaci\u00f3n."}], "lastModified": "2026-02-04T14:28:22.197", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:scshr:hr_portal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "507BD788-06E1-4367-A35F-9B6C27D9008D", "versionEndIncluding": "7.3.2025.0408"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}