Cyber Posture

CVE-2025-15500

Critical · Public PoC

Published: 09 January 2026

Modified: 22 January 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0033 (55.6th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Validating the sessionPath parameter in HTTP POST requests directly prevents OS command injection by rejecting malformed or malicious inputs.

prevent

Remediating the flaw in the /isomp-protocol/protocol/getHis handler eliminates the OS command injection vulnerability through patching or code fixes.

prevent · detect

Boundary protection with web application firewalls inspects and blocks crafted HTTP POST requests exploiting the sessionPath parameter.

Security Summary · AI

CVE-2025-15500 is an OS command injection vulnerability affecting the Sangfor Operation and Maintenance Management System in versions up to 3.0.8. The flaw exists in the processing of the file /isomp-protocol/protocol/getHis by the HTTP POST Request Handler component, where manipulation of the sessionPath argument triggers command injection. It was published on 2026-01-09 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), linked to CWE-77 and CWE-78.

The vulnerability enables remote exploitation without authentication or user interaction. Attackers can send a crafted HTTP POST request to manipulate the sessionPath parameter, injecting arbitrary OS commands. Successful exploitation has a high impact on confidentiality, integrity, and availability, potentially allowing full system compromise.

Advisories referenced in GitHub issues (master-abc/cve #11) and VulDB entries (ctiid.340345, id.340345) detail the issue but note no vendor response despite early contact. No patches or official mitigations are available in the provided information.

The exploit has been made public and could be used, increasing the risk for unpatched systems.

Details

CWE(s)

Affected Products

Vendor: sangfor
Product: operation and maintenance management system
Version: ≤ 3.0.8

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

Unauthenticated OS command injection via public-facing HTTP endpoint directly enables T1190 (Exploit Public-Facing Application) and facilitates arbitrary Unix shell command execution (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References