Vulnerability Description
A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portal_login of the component Frontend. This manipulation of the argument loginUrl causes command injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.0.11 and 3.0.12 is recommended to address this issue. It is advisable to upgrade the affected component.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sangfor | Operation And Maintenance Security Management System | >= 3.0, < 3.0.11 |
Related Weaknesses (CWE)
References
- https://h4cker.zip/post/fe0ada/ExploitThird Party Advisory
- https://vuldb.com/?ctiid.331634Permissions RequiredVDB Entry
- https://vuldb.com/?id.331634Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.678377Third Party AdvisoryVDB Entry
- https://h4cker.zip/post/fe0ada/ExploitThird Party Advisory
FAQ
What is CVE-2025-12916?
CVE-2025-12916 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portal_login of the component Frontend. This manip...
How severe is CVE-2025-12916?
CVE-2025-12916 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-12916?
Check the references section above for vendor advisories and patch information. Affected products include: Sangfor Operation And Maintenance Security Management System.