Path Traversal Vulnerability in Google SecOps SOAR Server
CVE-2025-9918

8.7HIGH

Key Information:

Vendor: Google Cloud
Status: Google Secops Soar
Vendor: CVE Published:; 11 September 2025

🔔 Create Google Cloud Vulnerability Alert

What is CVE-2025-9918?

A critical path traversal vulnerability exists in the archive extraction component of Google SecOps SOAR Server, affecting several versions. This flaw allows an authenticated attacker with import permissions to exploit the system by uploading specially crafted ZIP archives containing path traversal sequences. When successful, this can lead to remote code execution, enabling attackers to execute arbitrary code on the server. Organizations using affected versions should assess their security posture and apply available patches promptly.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Google SecOps SOAR 0 < 6.3.54.0

Google SecOps SOAR 0 < 6.3.53.2

References

https://cloud.google.com/support/bulletins?gcp-2025-049

vendor-advisory

https://cloud.google.com/chronicle/docs/security-bulletin...

vendor-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Sep 11, 2025
Vulnerability Reserved
Sep 3, 2025

Credit

Jakub Domeracki

Tomas Lažauninkas

JSON

Google Cloud

What is CVE-2025-9918?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.