CVE-2025-34041
CRITICAL EXPLOITED
Sangfor EDR <3.2.19 - Command Injection
Title source: llm
Exploitation Summary
CVE-2025-34041 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interface, leading to arbitrary command execution with elevated privileges. This flaw only affects the Chinese-language EDR builds. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.
References (3)
Core References
Various Sources (vendor-advisory, patch, technical-description): https://www.sangfor.com/blog/cybersecurity/sangfor-endpoint-secure-remote-command-execution-vulnerability
Various Sources (third-party-advisory): https://www.cnvd.org.cn/flaw/show/CNVD-2020-46552
Third Party Advisory (third-party-advisory): https://vulncheck.com/advisories/sangfor-edr-command-injection
Scores
CVSS v4: 10.0
EPSS: 0.0697
EPSS Percentile: 93.3%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: total
Details
VulnCheck KEV: 2025-06-23
CWE: CWE-78
Status: published
Products (3)
Sangfor Technologies Co., Ltd./Endpoint Detection and Response Platform: 3.2.16
Sangfor Technologies Co., Ltd./Endpoint Detection and Response Platform: 3.2.17
Sangfor Technologies Co., Ltd./Endpoint Detection and Response Platform: 3.2.19
Published: Jun 24, 2025
Tracked Since: Feb 18, 2026