CVE-2019-25714
Unauthenticated Arbitrary File Write in Seeyon OA A8 Enables RCE
Publication date: 2026-04-21
Last updated on: 2026-04-21
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| seeyon | office_anywhere_oa_a8 | 6.1sp1 |
| seeyon | office_anywhere_oa_a8 | 7.0 |
| seeyon | office_anywhere_oa_a8 | 7.0sp1 |
| seeyon | office_anywhere_oa_a8 | 7.0sp2 |
| seeyon | office_anywhere_oa_a8 | 7.0sp3 |
| seeyon | office_anywhere_oa_a8 | 7.1 |
| zhiyuan | oa_a8 | * |
| seeyon | office_anywhere | 6.1sp1 |
| seeyon | office_anywhere | 7.0 |
| seeyon | office_anywhere | 7.0sp1 |
| seeyon | office_anywhere | 7.0sp2 |
| seeyon | office_anywhere | 7.0sp3 |
| seeyon | office_anywhere | 7.1 |
| zhiyuan | oa_a8 | 6.1sp1 |
| zhiyuan | oa_a8 | 7.0 |
| zhiyuan | oa_a8 | 7.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2019-25714 vulnerability, immediate steps include restricting or disabling access to the /seeyon/htmlofficeservlet endpoint to prevent unauthenticated arbitrary file writes.
Ensure that the web application root directory is protected against unauthorized file uploads and that directory traversal attempts are blocked.
Monitor the server for any suspicious JSP files or webshells that may have been uploaded and remove them promptly.
Apply any available patches or updates from the vendor that address this vulnerability.
Implement network-level protections such as firewall rules to restrict access to the vulnerable endpoint only to trusted users or internal networks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided context and resources do not contain any information regarding the impact of CVE-2019-25714 on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2019-25714 is a critical security vulnerability in Seeyon Office Anywhere (OA) A8 collaborative management software. It exists in the /seeyon/htmlofficeservlet endpoint, which allows unauthenticated remote attackers to write arbitrary files to the web application root directory by sending specially crafted POST requests containing custom base64-encoded payloads.
This vulnerability enables attackers to upload malicious JSP webshell files to the server. Once uploaded, these webshells can be executed through the web server, allowing attackers to run arbitrary operating system commands with the privileges of the web server process.
The exploit leverages improper file upload handling and directory traversal sequences in the filename parameter, bypassing input validation by encoding payloads in a custom base64 format.
How can this vulnerability impact me?
This vulnerability can have severe impacts on affected systems. Attackers can gain unauthorized remote code execution on the server hosting the Seeyon OA A8 software without any authentication. Potential impacts include:
- Full control over the server by uploading and executing arbitrary JSP webshells.
- Execution of arbitrary operating system commands with web server privileges.
- Potential compromise of confidentiality, integrity, and availability of the affected system.
- Risk of further attacks such as data theft, system manipulation, or using the compromised server as a pivot point for lateral movement.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending specially crafted POST requests to the /seeyon/htmlofficeservlet endpoint and checking for the ability to upload arbitrary files.
A verification approach involves sending a POST request with a base64-encoded payload that attempts to write a test file (e.g., a text file with a random string) to a writable directory within the server's webapps path, then attempting to retrieve that file to confirm successful upload.
Commands or scripts can be used to automate this process, such as Python scripts that craft the POST request with the custom payload format starting with "DBSTEP V3.0" and parameters including OPTION, currentUserId, CREATEDATE, RECORDID, and FILENAME.
After uploading the test file, a GET request can be sent to the expected file URL to verify if the file exists and contains the expected content.
If the test file upload and retrieval succeed, it indicates the presence of the vulnerability.
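A defender-side counterpart to the active check above, added here and not taken from the page or from the vendor: a small Python scanner over Tomcat/Apache combined-format access logs that flags every POST to the /seeyon/htmlofficeservlet endpoint and any later request for a .jsp by the same client, the upload-then-fetch sequence the answer describes. The log lines are constructed samples; only the servlet path comes from the page.

```python
import re

# Path of the vulnerable servlet (from the advisory); everything else is assumed.
ENDPOINT = "/seeyon/htmlofficeservlet"

# Constructed combined-format access log lines (not from a real host).
SAMPLE_LOG = """\
203.0.113.7 - - [21/Apr/2026:10:00:01 +0000] "POST /seeyon/htmlofficeservlet HTTP/1.1" 200 89
203.0.113.7 - - [21/Apr/2026:10:00:02 +0000] "GET /seeyon/a1b2c3.jsp HTTP/1.1" 200 312
198.51.100.9 - - [21/Apr/2026:10:01:00 +0000] "GET /seeyon/main.do HTTP/1.1" 200 4521
198.51.100.9 - - [21/Apr/2026:10:01:05 +0000] "GET /seeyon/index.jsp HTTP/1.1" 200 1040
"""

# Fields of one combined-format line: client, timestamp, method, path, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def scan_access_log(text):
    """Return findings in log order.

    'upload_endpoint_post': a POST hit the servlet (should not happen once the
    endpoint is restricted as the mitigation answer recommends).
    'jsp_after_upload': the same client later fetched a .jsp successfully,
    consistent with a webshell being written and then executed.
    """
    findings = []
    posted = set()  # clients that have POSTed to the servlet so far
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, path, status = m["ip"], m["method"], m["path"], int(m["status"])
        route = path.split("?", 1)[0].lower()
        if method == "POST" and route == ENDPOINT:
            posted.add(ip)
            findings.append({"ip": ip, "ts": m["ts"], "type": "upload_endpoint_post", "path": path})
        elif ip in posted and route.endswith(".jsp") and status == 200:
            findings.append({"ip": ip, "ts": m["ts"], "type": "jsp_after_upload", "path": path})
    return findings


if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

Access logs only expose the method and path, so the body-level indicators the answer names (the "DBSTEP V3.0" header and traversal sequences in FILENAME) can only be matched where full request bodies are logged, for example at a WAF or reverse proxy.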