🔐 CVE Alert

CVE-2019-25714

UNKNOWN 0.0

Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can write JSP webshells to the web root and execute them through the web server to achieve arbitrary OS command execution with web server privileges. Exploitation evidence was first observed by the Shadowserver Foundation on 2021-03-26 (UTC).

CWE CWE-434
Vendor seeyon internet software
Product a8-v5 collaborative management software
Published Apr 21, 2026
Last Updated Apr 21, 2026
Stay Ahead of the Next One

Get instant alerts for seeyon internet software a8-v5 collaborative management software

Be the first to know when new unknown vulnerabilities affecting seeyon internet software a8-v5 collaborative management software are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Seeyon Internet Software / A8-V5 Collaborative Management Software
6.1sp1
Seeyon Internet Software / A8+ Collaborative Management Software
7.0 7.0sp1 7.0sp2 7.0sp3 7.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗
sourceforge.net: https://sourceforge.net/software/product/A8/ web.archive.org: https://web.archive.org/web/20190821034711/http://wyb0.com/posts/2019/seeyon-htmlofficeservlet-getshell/ wiki.96.mk: https://wiki.96.mk/Web%E5%AE%89%E5%85%A8/%E8%87%B4%E8%BF%9Coa/%E8%87%B4%E8%BF%9C%20OA%20A8%20htmlofficeservlet%20getshell%20%E6%BC%8F%E6%B4%9E/ static-aliyun-doc.oss-cn-hangzhou.aliyuncs.com: https://static-aliyun-doc.oss-cn-hangzhou.aliyuncs.com/download/pdf/90916/Security_Notification_reseller_en-US.pdf broadcom.com: https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=31713 fortiguard.com: https://www.fortiguard.com/encyclopedia/ips/48874/seeyon-office-anywhere-htmlofficeservlet-arbitrary-file-upload vulncheck.com: https://www.vulncheck.com/advisories/seeyon-office-anywhere-oa-a8-unauthenticated-arbitrary-file-write-via-htmlofficeservlet

Credits

🔍 The Shadowserver Foundation