CVE-2025-5129
A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Affected by this vulnerability is an unknown functionality in the library MSASN1.dll. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Vendor
Product
CWE
Yayın Tarihi
2025-05-24 17:15:26
Güncelleme
2025-06-17 17:54:35
Source Identifier
cna@vuldb.com
KEV Date Added
-
Kategoriler
Referanslar
https://drive.google.com/file/d/1_zGvKXIFLdh5RtxauvNYSa52YONJmY9q/view
https://vuldb.com/?ctiid.310207
https://vuldb.com/?id.310207
https://vuldb.com/?submit.571267
https://www.notion.so/Sangfor-Zero-Trust-Access-Control-System-ATrust-Privilege-Escalation-Vulnerability-1eab06dd544b802b87cdd6ba6b70cce9
https://www.notion.so/Sangfor-Zero-Trust-Access-Control-System-ATrust-Privilege-Escalation-Vulnerability-1eab06dd544b802b87cdd6ba6b70cce9