Refine your search
1 vulnerability found for by Sangfor
CVE-2025-12916 (GCVE-0-2025-12916)
Vulnerability from cvelistv5
Published
2025-11-08 23:32
Modified
2025-11-08 23:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portal_login of the component Frontend. This manipulation of the argument loginUrl causes command injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.0.11 and 3.0.12 is recommended to address this issue. It is advisable to upgrade the affected component.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sangfor | Operation and Maintenance Security Management System |
Version: 3.0 |
{
"containers": {
"cna": {
"affected": [
{
"modules": [
"Frontend"
],
"product": "Operation and Maintenance Security Management System",
"vendor": "Sangfor",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"status": "unaffected",
"version": "3.0.11"
},
{
"status": "unaffected",
"version": "3.0.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Tajang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portal_login of the component Frontend. This manipulation of the argument loginUrl causes command injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.0.11 and 3.0.12 is recommended to address this issue. It is advisable to upgrade the affected component."
},
{
"lang": "de",
"value": "In Sangfor Operation and Maintenance Security Management System 3.0 wurde eine Schwachstelle gefunden. Dies betrifft einen unbekannten Teil der Datei /fort/portal_login der Komponente Frontend. Mit der Manipulation des Arguments loginUrl mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden. Das Problem kann durch ein Upgrade auf Version 3.0.11 and 3.0.12 adressiert werden. Die Aktualisierung der betroffenen Komponente wird empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-08T23:32:05.812Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-331634 | Sangfor Operation and Maintenance Security Management System Frontend portal_login command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.331634"
},
{
"name": "VDB-331634 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.331634"
},
{
"name": "Submit #678377 | Sangfor Sangfor Operation and Maintenance Security Management System \u22653.0 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.678377"
},
{
"tags": [
"exploit"
],
"url": "https://h4cker.zip/post/fe0ada/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-08T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-08T08:33:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "Sangfor Operation and Maintenance Security Management System Frontend portal_login command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12916",
"datePublished": "2025-11-08T23:32:05.812Z",
"dateReserved": "2025-11-08T07:27:51.970Z",
"dateUpdated": "2025-11-08T23:32:05.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}