CVE-2019-25714
CWE-434 · Published: April 21, 2026 · Updated: Apr 22, 2026
Official Description
Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can write JSP webshells to the web root and execute them through the web server to achieve arbitrary OS command execution with web server privileges. Exploitation evidence was first observed by the Shadowserver Foundation on 2021-03-26 (UTC).
Risk Analysis
This critical vulnerability in Seeyon OA A8 allows unauthenticated remote attackers to write arbitrary files to the web application root. With a CVSS score of 9.3, this flaw can lead to arbitrary OS command execution with web server privileges, posing a severe risk. The absence of an EPSS score means its exploitation likelihood is not currently quantifiable by that metric, but its critical severity warrants immediate attention.
Active exploitation of this vulnerability has been observed in the wild. Given the CVSS vector AV:N and AC:L, this flaw is remotely exploitable with low attack complexity, making it a significant threat.
Apply the latest security patches or upgrade Seeyon OA A8 to a patched version. Implement strict access controls and monitor for unauthorized file writes in the web application root directory.
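To act on the monitoring advice above from the log side, the following Python example (added here, not code from the advisory or the vendor) flags POSTs to `/seeyon/htmlofficeservlet` and any `.jsp` path that is first requested successfully only after such a POST. The Common Log Format layout, the function name and the sample lines are assumptions constructed for illustration.

```python
import re

ENDPOINT = "/seeyon/htmlofficeservlet"  # endpoint named in the CVE description
# Assumed layout: Common Log Format -> ip - - [time] "METHOD target PROTO" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

# Constructed sample lines (not from a real incident); IPs are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:09:14:02 +0000] "GET /seeyon/index.jsp HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:09:15:10 +0000] "POST /seeyon/htmlofficeservlet HTTP/1.1" 200 48
203.0.113.9 - - [01/Jan/2024:09:15:12 +0000] "GET /seeyon/example_new.jsp?x=1 HTTP/1.1" 200 17
198.51.100.7 - - [01/Jan/2024:09:16:40 +0000] "GET /seeyon/index.jsp HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:09:17:01 +0000] "GET /seeyon/main.do HTTP/1.1" 200 900
"""

def find_suspicious(log_text):
    """Return (posts, followups): POSTs to ENDPOINT, and later successful
    requests for .jsp paths never requested before the first such POST.
    Both lists are leads for review, not proof of compromise."""
    seen_jsp = set()          # .jsp paths observed before any POST to ENDPOINT
    posts, followups = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue          # skip lines that do not fit the assumed format
        ip, ts, method, target, status = m.groups()
        path = target.split("?", 1)[0].lower()   # drop query string, normalise case
        if method == "POST" and path.rstrip("/") == ENDPOINT:
            posts.append((ts, ip, status))
        elif path.endswith(".jsp"):
            if not posts:
                seen_jsp.add(path)                # baseline of known pages
            elif path not in seen_jsp and status.startswith("2"):
                followups.append((ts, ip, path))  # new JSP served after the POST
    return posts, followups

if __name__ == "__main__":
    posts, followups = find_suspicious(SAMPLE_LOG)
    for ts, ip, status in posts:
        print(f"POST to {ENDPOINT} from {ip} at {ts} (status {status})")
    for ts, ip, path in followups:
        print(f"first-seen JSP after POST: {path} from {ip} at {ts}")
```

Any path it reports should be checked against the deployed application files on disk, since a log with a short history will also flag legitimate pages that simply had not been requested yet.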
Technical Analysis
CVE-2019-25714 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
Active exploitation of CVE-2019-25714 has been observed in the wild. Organizations should prioritize patching immediately regardless of CISA KEV status.
Recommended Actions
- Apply vendor patches immediately
- Monitor CVE-2019-25714 in threat intel feeds
- Review IDS/IPS signatures for exploitation attempts
- Active exploitation confirmed; treat as P1