ByteOS Network

NVD Vulnerability Details :

CVE-2025-5129

Analyzed

Source-cna@vuldb.com

Published At-24 May, 2025 | 17:15

Updated At-17 Jun, 2025 | 17:54

A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Affected by this vulnerability is an unknown functionality in the library MSASN1.dll. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	7.3	HIGH	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	7.0	HIGH	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary	3.1	6.3	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Secondary	2.0	6.0	MEDIUM	AV:L/AC:H/Au:S/C:C/I:C/A:C

Type: Secondary

Version: 4.0

Base score: 7.3

Base severity: HIGH

Vector:

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 7.0

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 6.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Type: Secondary

Version: 2.0

Base score: 6.0

Base severity: MEDIUM

Vector:

AV:L/AC:H/Au:S/C:C/I:C/A:C

CPE Matches

Sangfor Technologies Inc.

>>atrust>>2.3.10.60

cpe:2.3:a:sangfor:atrust:2.3.10.60:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-426	Secondary	cna@vuldb.com
CWE-427	Secondary	cna@vuldb.com
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: CWE-426

Type: Secondary

Source: cna@vuldb.com

CWE ID: CWE-427

Type: Secondary

Source: cna@vuldb.com

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://drive.google.com/file/d/1_zGvKXIFLdh5RtxauvNYSa52YONJmY9q/view	cna@vuldb.com	Exploit
https://vuldb.com/?ctiid.310207	cna@vuldb.com	Permissions Required VDB Entry
https://vuldb.com/?id.310207	cna@vuldb.com	Third Party Advisory VDB Entry
https://vuldb.com/?submit.571267	cna@vuldb.com	Third Party Advisory VDB Entry
https://www.notion.so/Sangfor-Zero-Trust-Access-Control-System-ATrust-Privilege-Escalation-Vulnerability-1eab06dd544b802b87cdd6ba6b70cce9	cna@vuldb.com	Exploit Third Party Advisory
https://www.notion.so/Sangfor-Zero-Trust-Access-Control-System-ATrust-Privilege-Escalation-Vulnerability-1eab06dd544b802b87cdd6ba6b70cce9	134c704f-9b21-4f2e-91b3-4a467353bcc0	Exploit Third Party Advisory