CVE-2025-14198
BaseFortify
Publication date: 2025-12-07
Last updated on: 2025-12-11
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| verysync | verysync | up to and including 2.21.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| NVD-CWE-noinfo | Insufficient information to classify the weakness (NVD placeholder, not a CWE entry). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Verysync (微力同步) up to and including version 2.21.3, in the Web Administration Module, specifically the HTTP endpoint /safebrowsing/clientreport/download (requested with a key parameter, e.g. key=dummytoken). A remote attacker can send crafted requests to this endpoint and obtain information they are not authorized to see (information disclosure).
How can this vulnerability impact me?
The vulnerability allows a remote attacker to obtain information from the management module without authenticating, so sensitive data held or exposed by that module may be disclosed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
Because the Web Administration Module discloses information to remote, unauthenticated actors, any personal or otherwise sensitive data reachable through it can be exposed. Data protection regulations such as GDPR and HIPAA require safeguarding such data against unauthorized access, so organizations running the affected software face compliance risk and potential legal consequences if the vulnerability is exploited. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Look for requests to the Web Administration Module path `/safebrowsing/clientreport/download`, in particular ones carrying a `key` parameter such as `key=dummytoken`, in web server or reverse-proxy access logs or in network monitoring. The web management module is commonly served on port 8886, so requests to that port from outside your management network deserve attention. To check whether an instance is affected, send an unauthenticated request, for example `curl -v http://<target-ip>:8886/safebrowsing/clientreport/download?key=dummytoken`: a 2xx response with a non-empty body means the endpoint hands out data without credentials, while a 401/403 or a redirect to the login page indicates access is restricted. If the instance sits behind nginx, `grep '/safebrowsing/clientreport/download' /var/log/nginx/access.log` lists past requests (adjust the path if your proxy logs elsewhere). Requests that reach Verysync directly on port 8886 do not appear in a proxy log at all; capture those at the network level instead. [2]
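The detection logic described above, as an added example that is not part of this advisory or of the Verysync project. It scans constructed nginx "combined" access-log lines for hits on the endpoint, flags which requests actually received data and which came from an allow-listed management network, and classifies the outcome of an unauthenticated probe. The log lines, the trusted network prefix and the verdict thresholds are assumptions for illustration; the `probe()` helper performs a live request and is only meant for a host you are authorized to test.

```python
"""Detection helpers for CVE-2025-14198-style requests against the Verysync
web management endpoint. Added example, not the advisory's or vendor's code."""
import re
import urllib.error
import urllib.request
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/safebrowsing/clientreport/download"

# Constructed nginx "combined" log lines (not real traffic), covering an outside
# probe that was served data, a rejected probe, and a hit from the LAN.
SAMPLE_LOG = """\
203.0.113.7 - - [08/Dec/2025:10:01:02 +0000] "GET /safebrowsing/clientreport/download?key=dummytoken HTTP/1.1" 200 8412 "-" "curl/8.5.0"
198.51.100.9 - - [08/Dec/2025:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [08/Dec/2025:10:02:11 +0000] "GET /safebrowsing/clientreport/download?key=abc HTTP/1.1" 401 0 "-" "python-requests/2.31"
192.168.1.20 - - [08/Dec/2025:10:03:00 +0000] "GET /safebrowsing/clientreport/download HTTP/1.1" 200 8412 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r"(?P<status>\d{3}) (?P<bytes>\d+|-)"
)


def find_probe_hits(log_text, trusted_nets=()):
    """Return one dict per request to TARGET_PATH found in log_text.

    trusted_nets: address prefixes (e.g. "192.168.") allowed to reach the admin
    UI; hits from them are marked trusted=True so they can be triaged separately.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        url = urlsplit(m.group("target"))
        if url.path != TARGET_PATH:
            continue
        key = parse_qs(url.query).get("key", [None])[0]
        status = int(m.group("status"))
        size = 0 if m.group("bytes") == "-" else int(m.group("bytes"))
        hits.append({
            "ip": m.group("ip"),
            "time": m.group("ts"),
            "key": key,
            "status": status,
            "bytes": size,
            "trusted": m.group("ip").startswith(tuple(trusted_nets)),
            # A 2xx with a non-empty body means the server handed data to the client.
            "served_data": 200 <= status < 300 and size > 0,
        })
    return hits


def classify_probe(status, body_len):
    """Heuristic verdict for an unauthenticated GET of TARGET_PATH (assumed thresholds)."""
    if 200 <= status < 300 and body_len > 0:
        return "exposed"       # data returned with no credentials: review the body
    if status in (401, 403) or 300 <= status < 400:
        return "restricted"    # auth demanded or bounced to a login page
    return "inconclusive"      # e.g. 404/5xx or an empty 200: check manually


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx as HTTPError instead of following it to the login page."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(base_url, key="dummytoken", timeout=5):
    """Live check against e.g. http://<target-ip>:8886 (network; authorized hosts only)."""
    url = f"{base_url.rstrip('/')}{TARGET_PATH}?key={key}"
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            status, body = resp.status, resp.read()
    except urllib.error.HTTPError as e:
        status, body = e.code, e.read()
    return status, len(body), classify_probe(status, len(body))


if __name__ == "__main__":
    for hit in find_probe_hits(SAMPLE_LOG, trusted_nets=("192.168.",)):
        flag = "OK " if hit["trusted"] else "!! "
        print(flag, hit["ip"], hit["status"], hit["key"], "served_data=%s" % hit["served_data"])
```

Run it over your own proxy log with `find_probe_hits(open(path).read(), trusted_nets=(...))`; the untrusted hits with `served_data=True` are the ones to treat as possible exploitation rather than mere scanning.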
What immediate steps should I take to mitigate this vulnerability?
Restrict access to the Web Administration Module to localhost or an allow-list of management addresses, and add firewall rules that block the management port (commonly 8886) from untrusted networks. Enable detailed logging and audit trails for access and file download activity so that abnormal or unauthorized requests can be identified and blocked promptly. Since the vendor has not provided a patch or fix, replacing the affected product with a secure alternative is recommended. [2, 1]