Uncontrolled Search Path Vulnerability in Sangfor aTrust Access Control System
CVE-2025-5129

7.3HIGH

Key Information:

Vendor

Sangfor

Status
零信任访问控制系统 Atrust
Vendor
CVE Published:
24 May 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-5129?

A vulnerability exists in Sangfor's aTrust access control system, specifically in the MSASN1.dll library, allowing for an uncontrolled search path. This flaw necessitates local access for exploitation, posing a threat of privilege escalation. The complexity involved in executing this attack is relatively high, making it challenging to exploit. The vulnerability has been publicly disclosed, highlighting the importance for users to assess their systems for potential exposure. The vendor has been alerted about this security concern but has not issued a response.

Affected Version(s)

零信任访问控制系统 aTrust 2.3.10.60

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-5129 - Proof of Concept

References

https://vuldb.com/?id.310207
vdb-entry
https://vuldb.com/?ctiid.310207
signaturepermissions-required
https://vuldb.com/?submit.571267
third-party-advisory

CVSS V4

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

neko205 (VulDB User)
JSON
.
CVE-2025-5129 : Uncontrolled Search Path Vulnerability in Sangfor aTrust Access Control System