HOMEVULNERABILITIESCVE-2019-25714
CRITICALIN THE WILD

CVE-2019-25714

CWE-434Published: April 21, 2026· Updated: Apr 22, 2026

9.3
CVSS v3.1
EPSS:0.60%probability of exploitation in 30 daysPercentile:69.4th

Official Description

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can write JSP webshells to the web root and execute them through the web server to achieve arbitrary OS command execution with web server privileges. Exploitation evidence was first observed by the Shadowserver Foundation on 2021-03-26 (UTC).

NVD Source

Risk Analysis

This critical vulnerability in Seeyon OA A8 allows unauthenticated remote attackers to write arbitrary files to the web application root. With a CVSS score of 9.3, this flaw can lead to arbitrary OS command execution with web server privileges, posing a severe risk. The absence of an EPSS score means its exploitation likelihood is not currently quantifiable by that metric, but its critical severity warrants immediate attention.

Active exploitation of this vulnerability has been observed in the wild. Given the CVSS vector AV:N and AC:L, this flaw is remotely exploitable with low attack complexity, making it a significant threat.

Recommended Action

Apply the latest security patches or upgrade Seeyon OA A8 to a patched version. Implement strict access controls and monitor for unauthorized file writes in the web application root directory.

Generated by the CTIWATCH analysis pipeline from this CVE's metadata (CVSS, EPSS, KEV status, exploit intelligence). Verify against vendor advisories before acting.

Technical Analysis

CVE-2019-25714 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

Active exploitation of CVE-2019-25714 has been observed in the wild. Organizations should prioritize patching immediately regardless of CISA KEV status.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorNetwork
Attack ComplexityLow
Privileges Req.None
User InteractionNone
ScopeX
Impact
Confidentiality
Integrity
Availability
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit & PoC Resources

ACTIVE EXPLOITATIONConfirmed exploitation in the wild
External links open in a new tab. Always verify in a controlled environment before use.

All References (7)

Quick Facts

CVE IDCVE-2019-25714
CVSS Score9.3 / 10
SeverityCRITICAL
WeaknessCWE-434
CISA KEVNo
ExploitIN THE WILD
EPSS (30d)0.60%
PublishedApr 21, 2026

Related CVEs (CWE-434)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2019-25714 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
  • !Active exploitation confirmed — treat as P1
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.