


Perceptive Security
SOC/SIEM Consultancy

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.8. The affected element is the function SessionController of the…
Published:
9 January 2026 at 23:00:00
Alert date:
10 January 2026 at 13:10:58
Source:
nvd.nist.gov
CVE-2025-15502 is a remote OS command injection vulnerability in Sangfor Operation and Maintenance Management System up to version 3.0.8. The vulnerability is in the SessionController function of the file /isomp-protocol/protocol/session, where manipulation of the Hostname argument leads to command injection. The attack can be executed remotely, and public exploits are available. The vendor was contacted but did not respond to the disclosure.
Technical details
Mitigation steps:
Affected products:
Sangfor Operation and Maintenance Management System
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2025-15502
https://github.com/master-abc/cve/issues/14
https://github.com/master-abc/cve/issues/14#issue-3770634476
https://vuldb.com/?ctiid.340347
https://vuldb.com/?id.340347
https://vuldb.com/?submit.727217
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
