CVE-2019-25714

🗓️ 21 Apr 2026 16:11:54Reported by VulnCheckType

cve🔗 web.nvd.nist.gov👁 17 Views🌐 WEB

Unauthenticated file write in Seeyon OA A8 enables base encoded POST to deploy JSP webshells.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2019-25714	21 Apr 202616:11	–	attackerkb
Circl	CVE-2019-25714	22 Apr 202621:02	–	circl
CNNVD	Seeyon OA A8 代码问题漏洞	21 Apr 202600:00	–	cnnvd
Cvelist	CVE-2019-25714 Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet	21 Apr 202616:11	–	cvelist
EUVD	EUVD-2019-20151	21 Apr 202618:31	–	euvd
NVD	CVE-2019-25714	21 Apr 202617:16	–	nvd
Positive Technologies	PT-2026-33997	21 Apr 202600:00	–	ptsecurity
VulnCheck KEV	VulnCheck KEV: CVE-2019-25714	21 Apr 202600:00	–	vulncheck_kev
Vulnrichment	CVE-2019-25714 Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet	21 Apr 202616:11	–	vulnrichment

Vulners

Node

seeyon_internet_software a8-v5_collaborative_management_softwareMatch6.1sp1

seeyon_internet_software a8+_collaborative_management_softwareMatch7.0

seeyon_internet_software a8+_collaborative_management_softwareMatch7.0sp1

seeyon_internet_software a8+_collaborative_management_softwareMatch7.0sp2

seeyon_internet_software a8+_collaborative_management_softwareMatch7.0sp3

seeyon_internet_software a8+_collaborative_management_softwareMatch7.1

[
  {
    "vendor": "Seeyon Internet Software",
    "product": "A8-V5 Collaborative Management Software",
    "versions": [
      {
        "status": "affected",
        "version": "6.1sp1"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Seeyon Internet Software",
    "product": "A8+ Collaborative Management Software",
    "versions": [
      {
        "status": "affected",
        "version": "7.0"
      },
      {
        "status": "affected",
        "version": "7.0sp1"
      },
      {
        "status": "affected",
        "version": "7.0sp2"
      },
      {
        "status": "affected",
        "version": "7.0sp3"
      },
      {
        "status": "affected",
        "version": "7.1"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
web	www.web.archive.org/web/20190821034711/http://wyb0.com/posts/2019/seeyon-htmlofficeservlet-getshell/
static-aliyun-doc	www.static-aliyun-doc.oss-cn-hangzhou.aliyuncs.com/download/pdf/90916/Security_Notification_reseller_en-US.pdf
fortiguard	www.fortiguard.com/encyclopedia/ips/48874/seeyon-office-anywhere-htmlofficeservlet-arbitrary-file-upload
broadcom	www.broadcom.com/support/security-center/attacksignatures/detail
vulncheck	www.vulncheck.com/advisories/seeyon-office-anywhere-oa-a8-unauthenticated-arbitrary-file-write-via-htmlofficeservlet
sourceforge	www.sourceforge.net/software/product/A8/
wiki	www.wiki.96.mk/Web%E5%AE%89%E5%85%A8/%E8%87%B4%E8%BF%9Coa/%E8%87%B4%E8%BF%9C%20OA%20A8%20htmlofficeservlet%20getshell%20%E6%BC%8F%E6%B4%9E/

Parameter	Position	Path	Description	CWE
base64-encoded payload	request body	/seeyon/htmlofficeservlet	Unauthenticated arbitrary file write vulnerability allowing JSP webshells to be written to the web app root and executed via the web server.	CWE-434

22 Apr 2026 21:20Current

6.2Medium risk

Vulners AI Score6.2

CVSS 49.3

EPSS0.00853

SSVC