CVE-2025-34041
10
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Summary
An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interface, leading to arbitrary command execution with elevated privileges. This flaw only affects the Chinese-language EDR builds. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Sangfor Technologies Co., Ltd. | Endpoint Detection and Response Platform | 3.2.16 | affected |
| Sangfor Technologies Co., Ltd. | Endpoint Detection and Response Platform | 3.2.17 | affected |
| Sangfor Technologies Co., Ltd. | Endpoint Detection and Response Platform | 3.2.19 | affected |
Weaknesses
- CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.sangfor.com/blog/cybersecurity/sangfor-endpoint-secure-remote-command-execution-vulnerability
- https://www.cnvd.org.cn/flaw/show/CNVD-2020-46552
- https://vulncheck.com/advisories/sangfor-edr-command-injection
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.