Cyber Posture

CVE-2025-15503

High · Public PoC

Published: 10 January 2026

Modified: 22 January 2026
KEV Added
Patch
CVSS Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0493 (89.7th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file /fort/trust/version/common/common.jsp. Performing a manipulation of the argument File results in unrestricted upload. The attack can be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5) · AI

Prevent: SI-10 mandates validation of the 'File' argument to block unrestricted uploads of arbitrary and dangerous files.

Prevent: AC-3 enforces access controls on the vulnerable /fort/trust/version/common/common.jsp endpoint to prevent unauthorized remote file uploads.

Prevent: SI-9 restricts classes of dangerous file types that can be input to mitigate CWE-434 unrestricted upload of files with dangerous types.

Security Summary · AI

CVE-2025-15503 is an unrestricted file upload vulnerability in Sangfor Operation and Maintenance Management System versions up to 3.0.8. The flaw resides in an unknown function within the file /fort/trust/version/common/common.jsp, where manipulation of the "File" argument enables the upload of arbitrary files. Published on 2026-01-10, it is associated with CWE-284 (Improper Access Control) and CWE-434 (Unrestricted Upload of File with Dangerous Type), carrying a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).

Remote attackers require no privileges or user interaction to exploit this vulnerability, making it accessible to unauthenticated adversaries over the network with low attack complexity. Successful exploitation allows limited impacts to confidentiality, integrity, and availability, potentially enabling further compromise depending on the uploaded files.

No vendor response or patches have been issued despite early notification, leaving affected systems without official mitigations. An exploit is publicly available, increasing the risk of active attacks. Relevant advisories appear in GitHub issues at https://github.com/master-abc/cve/issues/13 and VulDB entries such as https://vuldb.com/?ctiid.340348.

Details

CWE(s)

Affected Products

sangfor · operation and maintenance security management system · ≤ 3.0.8

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.

Why these techniques?

Unrestricted file upload in a public-facing web application directly enables T1190 (Exploit Public-Facing Application) and facilitates T1505.003 (Web Shell), because arbitrary file upload includes the upload of executable web shells.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
