CNNVD-202506-2889 Information

CNNVD ID

CNNVD-202506-2889

Related CVE

CVE-2025-52923

• CNNVD Published: 2025-06-22

Description (Chinese)

Sangfor aTrust是中国深信服（Sangfor）公司的一款零信任访问控制系统。 Sangfor aTrust 2.4.10及之前版本存在安全漏洞，该漏洞源于允许用户修改ExecStartPre命令。

Description (English)

Sangfor aTrust is a zero-trust access control system that China is convinced of. There is a security loophole in Sangfor aTrust 2.4.10 and earlier versions, which stems from allowing users to modify ExecStartPre commands.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Sankhya

Published

2025-06-22

Last Modified

2026-02-24

References

https://github.com/r00t7oo2jm/cVetest/blob/main/sangf0r-poc.pdf https://github.com/r00t7oo2jm/cVetest/blob/main/p0c.sh https://marketplace.huaweicloud.com/intl/contents/10d76e5f-57b5-4780-9c0c-58af8f7f71e6 https://community.sangfor.com/forum.php?mod=viewthread&tid=10842 https://access.redhat.com/security/cve/cve-2025-52923