🔐 CVE Alert

CVE-2025-34041

UNKNOWN 0.0

Sangfor Endpoint Detection and Response OS Command Injection

CVSS Score
0.0
EPSS Score
7.0%
EPSS Percentile
93th

An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interface, leading to arbitrary command execution with elevated privileges. This flaw only affects the Chinese-language EDR builds. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.

CWE CWE-78
Vendor sangfor technologies co., ltd.
Product endpoint detection and response platform
Published Jun 24, 2025
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for sangfor technologies co., ltd. endpoint detection and response platform

Be the first to know when new unknown vulnerabilities affecting sangfor technologies co., ltd. endpoint detection and response platform are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Sangfor Technologies Co., Ltd. / Endpoint Detection and Response Platform
3.2.16 3.2.17 3.2.19

References

NVD ↗ CVE.org ↗ EPSS Data ↗
sangfor.com: https://www.sangfor.com/blog/cybersecurity/sangfor-endpoint-secure-remote-command-execution-vulnerability cnvd.org.cn: https://www.cnvd.org.cn/flaw/show/CNVD-2020-46552 vulncheck.com: https://vulncheck.com/advisories/sangfor-edr-command-injection