QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2019-25714

Back to search

CVE-2019-25714

Published: Apr 21, 2026

Modified: Apr 21, 2026

PUBLISHED

Description

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can write JSP webshells to the web root and execute them through the web server to achieve arbitrary OS command execution with web server privileges. Exploitation evidence was first observed by the Shadowserver Foundation on 2021-03-26 (UTC).

VendorProductVersions

Seeyon Internet Software

A8-V5 Collaborative Management Software

affected
6.1sp1

Seeyon Internet Software

A8+ Collaborative Management Software

affected
7.0
affected
7.0sp1
affected
7.0sp2
affected
7.0sp3
affected
7.1

Weaknesses (CWE)

CWE-434

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now