Unrated severityNVD Advisory· Published Dec 9, 2025· Updated Dec 9, 2025

RCE in SecOps SOAR server via user-provided Python packages

CVE-2025-13428

Description

A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (RCE) in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containing a malicious setup.py file, which would execute on the server during the installation process, leading to potential server compromise.

No customer action is required.

All customers have been automatically upgraded to the fixed version: 6.3.64 or higher.

Affected products

Google Cloud/Google Cloud SecOps SOARv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cloud.google.com/support/bulletinsmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000