CVE-2019-25714
CRITICAL EXPLOITED
Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet
Title source: cna
Description
Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can write JSP webshells to the web root and execute them through the web server to achieve arbitrary OS command execution with web server privileges. Exploitation evidence was first observed by the Shadowserver Foundation on 2021-03-26 (UTC).
References (7)
Core References
Third Party Advisory: https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=31713
Third Party Advisory: https://www.fortiguard.com/encyclopedia/ips/48874/seeyon-office-anywhere-htmlofficeservlet-arbitrary-file-upload
Third Party Advisory: https://www.vulncheck.com/advisories/seeyon-office-anywhere-oa-a8-unauthenticated-arbitrary-file-write-via-htmlofficeservlet
Product: https://sourceforge.net/software/product/A8/
Exploit: https://web.archive.org/web/20190821034711/http://wyb0.com/posts/2019/seeyon-htmlofficeservlet-getshell/
Exploit: https://wiki.96.mk/Web%E5%AE%89%E5%85%A8/%E8%87%B4%E8%BF%9Coa/%E8%87%B4%E8%BF%9C%20OA%20A8%20htmlofficeservlet%20getshell%20%E6%BC%8F%E6%B4%9E/
Third Party Advisory, Mitigation: https://static-aliyun-doc.oss-cn-hangzhou.aliyuncs.com/download/pdf/90916/Security_Notification_reseller_en-US.pdf
Scores
CVSS v4: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
EPSS: 0.0078
EPSS Percentile: 73.8%
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
VulnCheck KEV: 2026-04-21
CWE: CWE-434
Status: published
Products (6)
Seeyon Internet Software/A8+ Collaborative Management Software: 7.0
Seeyon Internet Software/A8+ Collaborative Management Software: 7.0sp1
Seeyon Internet Software/A8+ Collaborative Management Software: 7.0sp2
Seeyon Internet Software/A8+ Collaborative Management Software: 7.0sp3
Seeyon Internet Software/A8+ Collaborative Management Software: 7.1
Seeyon Internet Software/A8-V5 Collaborative Management Software: 6.1sp1
Published: Apr 21, 2026
Tracked Since: Apr 21, 2026