Back to KEVs

CVE-2025-34041

Sangfor Endpoint Detection and Response OS Command Injection

Basic Information

CVE State
PUBLISHED
Reserved Date
April 15, 2025
Published Date
June 24, 2025
Last Updated
November 20, 2025
Vendor
Sangfor Technologies Co., Ltd.
Product
Endpoint Detection and Response Platform
Description
An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interface, leading to arbitrary command execution with elevated privileges. This flaw only affects the Chinese-language EDR builds. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.

CVSS Scores

CVSS v4.0

10.0 - CRITICAL

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

SSVC Information

Exploitation
none
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2026-02-16 00:00:00 UTC) Source

References

https://www.sangfor.com/blog/cybersecurity/sangfor-endpoint-secure-remote-command-execution-vulnerability https://www.cnvd.org.cn/flaw/show/CNVD-2020-46552 https://vulncheck.com/advisories/sangfor-edr-command-injection

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2026-02-16 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel