PT-2026-1778 · Sangfor · Sangfor Operation/Maintenance Management System
Nestor233
·
Published
2026-01-09
·
Updated
2026-01-10
·
CVE-2025-15501
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Sangfor Operation and Maintenance Management System versions up to 3.0.8
Description
A flaw exists in Sangfor Operation and Maintenance Management System. Manipulation of the
sessionPath argument within the WriterHandle.getCmd function, located in the file /isomp-protocol/protocol/getCmd, can lead to operating system command injection. Remote exploitation is possible. The exploit for this issue has been publicly disclosed. The vendor was informed of this issue but did not provide a response.Recommendations
Versions up to 3.0.8 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
OS Command Injection
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sangfor Operation/Maintenance Management System