Vulnerability Description
A security flaw has been discovered in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function edit_pwd_mall of the file /fort/login/edit_pwd_mall. The manipulation of the argument flag results in weak password recovery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sangfor | Operation And Maintenance Security Management System | <= 3.0.12 |
Related Weaknesses (CWE)
References
- https://github.com/LX-LX88/cve/issues/21ExploitIssue TrackingThird Party Advisory
- https://vuldb.com/?ctiid.342301Permissions RequiredVDB Entry
- https://vuldb.com/?id.342301Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.736208Third Party AdvisoryVDB Entry
FAQ
What is CVE-2026-1325?
CVE-2026-1325 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A security flaw has been discovered in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function edit_pwd_mall of the file /fort/login/edit_pwd_mall. The man...
How severe is CVE-2026-1325?
CVE-2026-1325 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-1325?
Check the references section above for vendor advisories and patch information. Affected products include: Sangfor Operation And Maintenance Security Management System.