CVE-2025-52923
4.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Summary
Sangfor aTrust through 2.4.10 allows users to modify the ExecStartPre command.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Sangfor | aTrust | 2.4.10 | affected |
Weaknesses
- CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://github.com/r00t7oo2jm/cVetest/blob/main/p0c.sh
- https://github.com/r00t7oo2jm/cVetest/blob/main/sangf0r-poc.pdf
- https://marketplace.huaweicloud.com/intl/contents/10d76e5f-57b5-4780-9c0c-58af8f7f71e6
- https://community.sangfor.com/forum.php?mod=viewthread&tid=10842
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.