CVE-2019-25714
Received Received - Intake
Unauthenticated Arbitrary File Write in Seeyon OA A8 Enables RCE

Publication date: 2026-04-21

Last updated on: 2026-04-21

Assigner: VulnCheck

Description
Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can write JSP webshells to the web root and execute them through the web server to achieve arbitrary OS command execution with web server privileges.Β Exploitation evidence was first observed by the Shadowserver Foundation on 2021-03-26 (UTC).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-21
Last Modified
2026-04-21
Generated
2026-06-16
AI Q&A
2026-04-21
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25714
EUVD
EUVD-2019-20151
Affected Vendors & Products
Showing 16 associated CPEs
Vendor Product Version / Range
seeyon office_anywhere_oa_a8 6.1sp1
seeyon office_anywhere_oa_a8 7.0
seeyon office_anywhere_oa_a8 7.0sp1
seeyon office_anywhere_oa_a8 7.0sp2
seeyon office_anywhere_oa_a8 7.0sp3
seeyon office_anywhere_oa_a8 7.1
zhiyuan oa_a8 *
seeyon office_anywhere 6.1sp1
seeyon office_anywhere 7.0
seeyon office_anywhere 7.0sp1
seeyon office_anywhere 7.0sp2
seeyon office_anywhere 7.0sp3
seeyon office_anywhere 7.1
zhiyuan oa_a8 6.1sp1
zhiyuan oa_a8 7.0
zhiyuan oa_a8 7.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25714 is a critical security vulnerability in Seeyon Office Anywhere (OA) A8 collaborative management software. It exists in the /seeyon/htmlofficeservlet endpoint, which allows unauthenticated remote attackers to write arbitrary files to the web application root directory by sending specially crafted POST requests containing custom base64-encoded payloads.

This vulnerability enables attackers to upload malicious JSP webshell files to the server. Once uploaded, these webshells can be executed through the web server, allowing attackers to run arbitrary operating system commands with the privileges of the web server process.

The exploit leverages improper file upload handling and directory traversal sequences in the filename parameter, bypassing input validation by encoding payloads in a custom base64 format.

Impact Analysis

This vulnerability can have severe impacts on affected systems. Attackers can gain unauthorized remote code execution on the server hosting the Seeyon OA A8 software without any authentication.

  • Full control over the server by uploading and executing arbitrary JSP webshells.
  • Execution of arbitrary operating system commands with web server privileges.
  • Potential compromise of confidentiality, integrity, and availability of the affected system.
  • Risk of further attacks such as data theft, system manipulation, or using the compromised server as a pivot point for lateral movement.
Detection Guidance

This vulnerability can be detected by sending specially crafted POST requests to the /seeyon/htmlofficeservlet endpoint and checking for the ability to upload arbitrary files.

A verification approach involves sending a POST request with a base64-encoded payload that attempts to write a test file (e.g., a text file with a random string) to a writable directory within the server's webapps path, then attempting to retrieve that file to confirm successful upload.

Commands or scripts can be used to automate this process, such as Python scripts that craft the POST request with the custom payload format starting with "DBSTEP V3.0" and parameters including OPTION, currentUserId, CREATEDATE, RECORDID, and FILENAME.

After uploading the test file, a GET request can be sent to the expected file URL to verify if the file exists and contains the expected content.

If the test file upload and retrieval succeed, it indicates the presence of the vulnerability.

Mitigation Strategies

To mitigate the CVE-2019-25714 vulnerability, immediate steps include restricting or disabling access to the /seeyon/htmlofficeservlet endpoint to prevent unauthenticated arbitrary file writes.

Ensure that the web application root directory is protected against unauthorized file uploads and that directory traversal attempts are blocked.

Monitor the server for any suspicious JSP files or webshells that may have been uploaded and remove them promptly.

Apply any available patches or updates from the vendor that address this vulnerability.

Implement network-level protections such as firewall rules to restrict access to the vulnerable endpoint only to trusted users or internal networks.

Compliance Impact

The provided context and resources do not contain any information regarding the impact of CVE-2019-25714 on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25714. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart