CVE-2025-15501 | Sangfor Operation and Maintenance Management System up to 3.0.8 getCmd WriterHandle.getCmd sessionPath os command injection

Inserito da Angelo Barbosa | Gen 9, 2026 | CVE

A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. It has been classified as critical. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipulation of the argument sessionPath causes os command injection.

This vulnerability is registered as CVE-2025-15501. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15501 | Sangfor Operation and Maintenance Management System up to 3.0.8 getCmd WriterHandle.getCmd sessionPath os command injection

Post correlati

CVE-2024-44996 | Linux Kernel up to 6.6.47/6.10.6 vsock_bpf_recvmsg Privilege Escalation (921f1acf0c3c/b4ee8cf1acc5/69139d2919dd)

CVE-2025-8168 | D-Link DIR-513 1.10 /goform/formSetWanPPPoE websAspInit curTime buffer overflow

CVE-2024-2469 | GitHub Enterprise Server up to 3.8.16/3.9.11/3.10.8/3.11.6/3.12.0 SSH input validation

CVE-2023-35817 | DevExpress up to 23.1.2 AsyncDownloader server-side request forgery