CVE-2025-34041

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-34041
CVSS

No CVSS.

A

n OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interface, leading to arbitrary command execution with elevated privileges. This flaw only affects the Chinese-language EDR builds. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.

References
Link Resource
https://vulncheck.com/advisories/sangfor-edr-command-injection
https://www.cnvd.org.cn/flaw/show/CNVD-2020-46552
https://www.sangfor.com/blog/cybersecurity/sangfor-endpoint-secure-remote-command-execution-vulnerability
Configurations

No configuration.

History

20 Nov 2025, 21:16

Type Values Removed Values Added
Summary (en) An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interface, leading to arbitrary command execution with elevated privileges. This flaw only affects the Chinese-language EDR builds. Exploitation evidence was observed by the Shadowserver Foundation on 2025-07-05 UTC. (en) An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interface, leading to arbitrary command execution with elevated privileges. This flaw only affects the Chinese-language EDR builds. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.

17 Nov 2025, 22:15

Type Values Removed Values Added
Summary (en) An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interface, leading to arbitrary command execution with elevated privileges. This flaw only affects the Chinese-language EDR builds. (en) An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interface, leading to arbitrary command execution with elevated privileges. This flaw only affects the Chinese-language EDR builds. Exploitation evidence was observed by the Shadowserver Foundation on 2025-07-05 UTC.

26 Jun 2025, 18:58

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de inyección de comandos del sistema operativo en las versiones en chino de la plataforma de gestión Sangfor Endpoint Detection and Response (EDR) 3.2.16, 3.2.17 y 3.2.19. Esta vulnerabilidad permite a atacantes no autenticados crear y enviar solicitudes HTTP maliciosas a la interfaz del Administrador de EDR, lo que provoca la ejecución de comandos arbitrarios con privilegios elevados. Esta falla solo afecta a las compilaciones de EDR en chino.

24 Jun 2025, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-24 02:15

Updated : 2025-11-20 21:16

NVD link : CVE-2025-34041

Mitre link : CVE-2025-34041

CVE.ORG link : CVE-2025-34041

JSON object : View

Products Affected

No product.

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')