Remote Code Execution Vulnerability in SecOps SOAR Server by Google
CVE-2025-13428

8.6HIGH

Key Information:

Vendor: Google Cloud
Status: Google Cloud Secops Soar
Vendor: CVE Published:; 9 December 2025

🔔 Create Google Cloud Vulnerability Alert

What is CVE-2025-13428?

A vulnerability in the SecOps SOAR server allows authenticated users with an 'IDE role' to perform Remote Code Execution (RCE). This issue arises from inadequate validation of uploaded Python package code, permitting an attacker to introduce a malicious setup.py file. Once uploaded, this file executes on the server during the package installation process, posing a significant security risk. All customers have received automatic updates to the fixed version, ensuring enhanced protection.

Affected Version(s)

Google Cloud SecOps SOAR 0 <= 6.3.64

References

https://cloud.google.com/support/bulletins#gcp-2025-075

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Nov 19, 2025

Credit

Jeppe Weikop

JSON