CVE-2025-34041 CRITICAL

CVE-2025-34041: Sangfor Endpoint Detection and Response OS Command Injection

Vendor: Sangfor Technologies Co., Ltd.
Product: Endpoint Detection and Response Platform
Weakness: CWE-78
Published: June 24, 2025
Last update: November 20, 2025

CVSS base score

10.0/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01 Description

An OS command injection vulnerability exists in the Chinese-language builds of the Sangfor Endpoint Detection and Response (EDR) management platform, versions 3.2.16, 3.2.17, and 3.2.19. Unauthenticated attackers can construct and send malicious HTTP requests to the EDR Manager interface, leading to arbitrary command execution with elevated privileges. Only the Chinese-language EDR builds are affected. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.

Key dates

02 Disclosure timeline

June 24, 2025: CVE published
November 20, 2025: Record updated