CVE-2025-1388: Learning Digital Orca HCM - Arbitrary File Upload
High (8.8)
Sign up for FREE to recieve instant alerts about this vulnerability!
Description
Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells
Classification
CVE ID: CVE-2025-1388
CVSS Base Severity: HIGH
CVSS Base Score: 8.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
Vendor: Learning Digital
Product: Orca HCM
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 0.22165 (how common is this exploit)
EPSS Date: 2025-03-12 (when was this score calculated)