CVE-2025-34041
Published: 24 June 2025
Summary
CVE-2025-34041 is a critical-severity OS Command Injection (CWE-78) vulnerability. Its CVSS base score is 10.0 (Critical).
Operationally, it ranks in the top 11.7% of CVEs by exploit likelihood. It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
An OS command injection vulnerability, tracked as CVE-2025-34041 and assigned CWE-78, affects the Chinese-language builds of the Sangfor Endpoint Detection and Response (EDR) management platform in versions 3.2.16, 3.2.17, and 3.2.19. The flaw resides in the EDR Manager interface and carries the maximum CVSS score of 10.0, reflecting a network-accessible, unauthenticated attack vector that results in complete confidentiality, integrity, and availability impacts on both the vulnerable component and its host environment.
Unauthenticated remote attackers can exploit the issue by crafting and sending malicious HTTP requests to the management interface, achieving arbitrary operating-system command execution with elevated privileges. The vulnerability is restricted to the Chinese-language EDR builds and does not affect other language variants.
Exploitation evidence was recorded by the Shadowserver Foundation on 2025-02-04 UTC, several months prior to the CVE's publication date. The EPSS score has remained flat: its peak and current value are both 0.0375, with no material increase. Public advisories and technical details are available from VulnCheck, CNVD, and Sangfor.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-18973
Vulnerability details
An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interface, leading to arbitrary command execution with elevated privileges. This flaw only affects the Chinese-language EDR builds. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.