PT-2025-45573 · Sangfor · Sangfor Operation/Maintenance Management System
Tajang · Published 2025-11-08 · Updated 2025-12-09
CVE-2025-12916
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Sangfor Operation and Maintenance Security Management System versions prior to 3.0.11
Description
A command injection issue exists in the Sangfor Operation and Maintenance Security Management System. The issue is related to the manipulation of the loginUrl argument within the file /fort/portal login of the Frontend component. This can be exploited remotely. The exploit has been publicly disclosed. The vulnerable component is an unknown function.
Recommendations
Upgrade to version 3.0.11 or 3.0.12.
Upgrade the affected component.
Exploit
Fix
Special Elements Injection
Command Injection
Related Identifiers
Affected Products
Sangfor Operation/Maintenance Management System