CVE-2025-34041

Summary

An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interface, leading to arbitrary command execution with elevated privileges. This flaw only affects the Chinese-language EDR builds. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.

Affected Software

VendorProductVersion RangeStatus
Sangfor Technologies Co., Ltd.Endpoint Detection and Response Platform3.2.16affected
Sangfor Technologies Co., Ltd.Endpoint Detection and Response Platform3.2.17affected
Sangfor Technologies Co., Ltd.Endpoint Detection and Response Platform3.2.19affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References