Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

Sangfor aTrust ExecStartPre Command Modification Vulnerability

Vulnerability

Exploited

A vulnerability in Sangfor aTrust versions through 2.4.10 allows users to alter the ExecStartPre command. This could potentially be exploited to modify the behavior of the application during its startup process.

Impact

Modifying the ExecStartPre command could change how the application initializes, potentially leading to unauthorized actions or behaviors.

Reproduction

The vulnerability can be reproduced by an authenticated user who has access to modify service commands. After logging into the aTrust application, the user can navigate to the service configuration settings and change the ExecStartPre command to include malicious or unintended instructions.

Added: Jun 22, 2025, 1:28 AM

Updated: Jun 22, 2025, 1:28 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.9

remediation

0.0

relevance

0.2

threat

8.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.9

remediation

0.0

relevance

0.2

threat

8.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

Sangfor aTrust ExecStartPre Command Modification Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating