PT-2026-1780 · Sangfor · Sangfor Operation/Maintenance Management System
Hhsw34 · Published 2026-01-10 · Updated 2026-01-10 · CVE-2025-15503
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Sangfor Operation and Maintenance Management System versions up to 3.0.8
Description
A security flaw exists in Sangfor Operation and Maintenance Management System. The issue involves unrestricted file upload due to manipulation of the File argument within an unknown function of the /fort/trust/version/common/common.jsp file. This allows for remote exploitation. The exploit has been publicly released. The vendor was notified but did not respond.
Recommendations
Versions prior to 3.0.8 should be updated. As a temporary workaround, restrict access to the /fort/trust/version/common/common.jsp file. Avoid uploading untrusted files to the system.
Exploit
Fix
Improper Access Control
Unrestricted File Upload
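To check whether the path named in the workaround has already been requested, the following added example (not part of the advisory and not vendor tooling) scans web access logs for it and singles out upload-style requests that succeeded. It assumes Apache/nginx "combined" format logs from a proxy in front of the system; the function names and the sample lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Path named in the advisory.
TARGET = "/fort/trust/version/common/common.jsp"

# Assumption: "combined" access-log format from a proxy in front of the system.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(uri):
    """Reduce a request URI to a canonical path so equivalent spellings compare equal."""
    path = unquote(uri.split("?", 1)[0])          # drop query, decode %xx
    # Drop servlet path parameters (";name=value") from every segment.
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    # Collapse "//", "." and ".."; lowercase for a deliberately broad match.
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def find_hits(lines):
    """Return (ip, timestamp, method, status) for every request to TARGET."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and normalize(m["uri"]) == TARGET:
            hits.append((m["ip"], m["ts"], m["method"], int(m["status"])))
    return hits

def upload_candidates(hits):
    """POST/PUT requests answered 2xx: triage these first."""
    return [h for h in hits if h[2] in ("POST", "PUT") and 200 <= h[3] < 300]

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [10/Jan/2026:08:01:12 +0000] "GET /fort/login HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.24 - - [10/Jan/2026:08:03:40 +0000] "POST /fort/trust/version/common/common.jsp HTTP/1.1" 200 87 "-" "-"',
    '203.0.113.24 - - [10/Jan/2026:08:03:55 +0000] "POST /fort//trust/version/common/%63ommon.jsp;x=1 HTTP/1.1" 403 0 "-" "-"',
    '198.51.100.9 - - [10/Jan/2026:08:10:02 +0000] "GET /fort/trust/version/common/common.jsp HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in upload_candidates(find_hits(SAMPLE)):
        print("review:", hit)
```

Once the access restriction is in place, requests to the path should show only denied status codes; any later 2xx answer to a POST means the restriction is not effective on that route.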
Related Identifiers
Affected Products
Sangfor Operation/Maintenance Management System