PT-2026-1778 · Sangfor · Sangfor Operation/Maintenance Management System

Nestor233

Publicado

2026-01-09

Atualizado

2026-01-10

CVE-2025-15501

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Management System versions up to 3.0.8

Description A flaw exists in Sangfor Operation and Maintenance Management System. Manipulation of the sessionPath argument within the WriterHandle.getCmd function, located in the file /isomp-protocol/protocol/getCmd, can lead to operating system command injection. Remote exploitation is possible. The exploit for this issue has been publicly disclosed. The vendor was informed of this issue but did not provide a response.

Recommendations Versions up to 3.0.8 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

OS Command Injection

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78CWE-77

Identificadores relacionados

CVE-2025-15501

Produtos afetados

Sangfor Operation/Maintenance Management System

PT-2026-1778 · Sangfor · Sangfor Operation/Maintenance Management System

CVE-2025-15501

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 14