CVE-2025-12916

MEDIUM

Sangfor Operation And Maintenance Security Management System < 3.0.11 - Command Injection

Title source: rule

Description

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portal_login of the component Frontend. This manipulation of the argument loginUrl causes command injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.0.11 and 3.0.12 is recommended to address this issue. It is advisable to upgrade the affected component.

Exploits (1)

nomisec SCANNER 4 stars
by Jinxia62 · poc
https://github.com/Jinxia62/Sangfor-CVE-2025-12916

References (4)

Scores

CVSS v3 6.3
EPSS 0.0024
EPSS Percentile 47.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-74 CWE-77
Status published
Products (1)
sangfor/operation_and_maintenance_security_management_system 3.0 - 3.0.11
Published Nov 09, 2025
Tracked Since Feb 18, 2026