{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-5192","assignerOrgId":"256c161b-b921-402b-8c3b-c6c9c14d5d88","state":"PUBLISHED","assignerShortName":"ZUSO ART","dateReserved":"2025-05-26T06:22:57.842Z","datePublished":"2025-06-06T09:15:17.081Z","dateUpdated":"2025-06-06T13:59:48.427Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","product":"HRD Human Resource Management System","vendor":"Soar Cloud System CO., LTD.","versions":[{"lessThanOrEqual":"7.3.2025.0408","status":"affected","version":"0","versionType":"custom"}]}],"datePublic":"2025-06-06T04:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication and access application functions."}],"value":"A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication and access application functions."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":9.3,"baseSeverity":"CRITICAL","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-306","description":"CWE-306 Missing Authentication for Critical Function","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"256c161b-b921-402b-8c3b-c6c9c14d5d88","shortName":"ZUSO ART","dateUpdated":"2025-06-06T09:15:17.081Z"},"references":[{"tags":["third-party-advisory"],"url":"https://zuso.ai/advisory/za-2025-04"}],"source":{"defect":["ZA-2025-04"],"discovery":"UNKNOWN"},"title":"Soar Cloud HRD Human Resource Management System - Missing Authentication for Critical Function","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-06-06T13:59:33.836809Z","id":"CVE-2025-5192","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-06T13:59:48.427Z"}}]}}