Home

Description

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can write JSP webshells to the web root and execute them through the web server to achieve arbitrary OS command execution with web server privileges. Exploitation evidence was first observed by the Shadowserver Foundation on 2021-03-26 (UTC).

PUBLISHED Reserved 2026-04-21 | Published 2026-04-21 | Updated 2026-04-21 | Assigner VulnCheck




CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status
unknown

6.1sp1
affected

Default status
unknown

7.0
affected

7.0sp1
affected

7.0sp2
affected

7.0sp3
affected

7.1
affected

Credits

The Shadowserver Foundation reporter

References

sourceforge.net/software/product/A8/ product

web.archive.org/...s/2019/seeyon-htmlofficeservlet-getshell/ exploit

wiki.96.mk/...远 OA A8 htmlofficeservlet getshell 漏洞/ exploit

static-aliyun-doc.oss-cn-hangzhou.aliyuncs.com/..._en-US.pdf third-party-advisory mitigation

www.broadcom.com/...enter/attacksignatures/detail?asid=31713 third-party-advisory

www.fortiguard.com/...tmlofficeservlet-arbitrary-file-upload third-party-advisory

www.vulncheck.com/...itrary-file-write-via-htmlofficeservlet third-party-advisory

cve.org (CVE-2019-25714)

nvd.nist.gov (CVE-2019-25714)

Download JSON