CVE-2025-5129

high

Description

A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Affected by this vulnerability is an unknown functionality in the library MSASN1.dll. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

https://vuldb.com/?submit.571267

https://vuldb.com/?id.310207

https://drive.google.com/file/d/1_zGvKXIFLdh5RtxauvNYSa52YONJmY9q/view

https://www.notion.so/Sangfor-Zero-Trust-Access-Control-System-ATrust-Privilege-Escalation-Vulnerability-1eab06dd544b802b87cdd6ba6b70cce9

https://vuldb.com/?ctiid.310207

Details

Source: Mitre, NVD

Published: 2025-05-24

Updated: 2025-06-17

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 6.3

Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Severity: Medium

CVSS v4

Base Score: 7.3

Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00011