How severe is CVE-2025-15501?

CVE-2025-15501 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-15501

9.8CRITICAL

A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipu

게시됨: 1/9/2026업데이트됨: 1/13/2026

설명

A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipulation of the argument sessionPath causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

AI 분석AI 기반

참조

https://github.com/master-abc/cve/issues/12
https://github.com/master-abc/cve/issues/12#issue-3770615262
https://vuldb.com/?ctiid.340346
https://vuldb.com/?id.340346
https://vuldb.com/?submit.727214