CVE-2025-34041
BaseFortify
Publication date: 2025-06-24
Last updated on: 2025-11-20
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-34041 is a critical OS command injection vulnerability in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. It allows unauthenticated attackers to send specially crafted HTTP requests to the EDR Manager interface, enabling them to execute arbitrary operating system commands with elevated privileges remotely, without any user interaction or prior access. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to a full system compromise of the affected Sangfor EDR platform. An attacker can remotely execute arbitrary commands with elevated privileges, potentially gaining unauthorized access to the endpoint security management system, disrupting confidentiality, integrity, and availability of the system, and controlling or damaging the affected environment. [1, 2]