216.73.216.233

CVE-2019-25714

· Published 21/04/2026 17:16 · Modified 22/04/2026 21:20

Labels: CVE-2019-25714 2026-04-21CVE-2019-25714CWE-434[email protected]

Essential information

Published
21/04/2026 17:16
Modified
22/04/2026 21:20
Author
Creator
CVSS
9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can write JSP webshells to the web root and execute them through the web server to achieve arbitrary OS command execution with web server privileges. Exploitation evidence was first observed by the Shadowserver Foundation on 2021-03-26 (UTC).

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
seeyon / oa a8 cpe:2.3:a:seeyon:oa_a8:*:*:*:*:*:*:*:*

References