Path Traversal Vulnerability in Google SecOps SOAR Server
CVE-2025-9918

8.7HIGH

Key Information:

Vendor: Google Cloud
Status: Google Secops Soar
Vendor: CVE Published:; 11 September 2025

🔔 Create Google Cloud Vulnerability Alert

What is CVE-2025-9918?

A critical path traversal vulnerability exists in the archive extraction component of Google SecOps SOAR Server, affecting several versions. This flaw allows an authenticated attacker with import permissions to exploit the system by uploading specially crafted ZIP archives containing path traversal sequences. When successful, this can lead to remote code execution, enabling attackers to execute arbitrary code on the server. Organizations using affected versions should assess their security posture and apply available patches promptly.

Affected Version(s)

Google SecOps SOAR 0 < 6.3.54.0

Google SecOps SOAR 0 < 6.3.53.2

References

https://cloud.google.com/support/bulletins?gcp-2025-049

vendor-advisory

https://cloud.google.com/chronicle/docs/security-bulletin...

vendor-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2025
Vulnerability Reserved
Sep 3, 2025

Credit

Jakub Domeracki

Tomas Lažauninkas