CVE-2025-13428

Published: Dec 9, 2025

Modified: Dec 9, 2025

PUBLISHED

Description

A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (RCE) in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containing a malicious setup.py file, which would execute on the server during the installation process, leading to potential server compromise. No customer action is required. All customers have been automatically upgraded to the fixed version: 6.3.64 or higher.

Vendor / Product / Versions

Vendor: Google Cloud
Product: Google Cloud SecOps SOAR
Status: affected
Versions: 0 - <= 6.3.64

Weaknesses (CWE)
