CVE-2025-34041
Sangfor Endpoint Detection and Response OS Command Injection
CVSS Score
0.0
EPSS Score
7.0%
EPSS Percentile
93th
An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interface, leading to arbitrary command execution with elevated privileges. This flaw only affects the Chinese-language EDR builds. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.
| CWE | CWE-78 |
| Vendor | sangfor technologies co., ltd. |
| Product | endpoint detection and response platform |
| Published | Jun 24, 2025 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for sangfor technologies co., ltd. endpoint detection and response platform
Be the first to know when new unknown vulnerabilities affecting sangfor technologies co., ltd. endpoint detection and response platform are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
Sangfor Technologies Co., Ltd. / Endpoint Detection and Response Platform
3.2.16 3.2.17 3.2.19