Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can write JSP webshells to the web root and execute them through the web server to achieve arbitrary OS command execution with web server privileges. Exploitation evidence was first observed by the Shadowserver Foundation on 2021-03-26 (UTC).
CVSS
No CVSS.
References
Configurations
No configuration.
History
21 Apr 2026, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-21 17:16
Updated : 2026-06-17 02:33
NVD link : CVE-2019-25714
Mitre link : CVE-2019-25714
CVE.ORG link : CVE-2019-25714
JSON object : View
Products Affected
No product.
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type
