Critical severityNVD Advisory· Published Jun 24, 2025· Updated Apr 15, 2026

CVE-2025-34041

Description

An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interface, leading to arbitrary command execution with elevated privileges. This flaw only affects the Chinese-language EDR builds. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

vulncheck.com/advisories/sangfor-edr-command-injectionnvd
www.cnvd.org.cn/flaw/show/CNVD-2020-46552nvd
www.sangfor.com/blog/cybersecurity/sangfor-endpoint-secure-remote-command-execution-vulnerabilitynvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000