Verysync 微力同步 Web Administration text.txt unrestricted upload_CVE-2025-14199

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in Verysync 微力同步 up to 2.21.3. This impacts an unknown function of the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false of the component Web Administration Module. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-14199

Source VulDB

Published Dec 7, 2025 at 17:02

Affected Product

Vendor Verysync

Product 微力同步

Version 2.21.0

Affected Versions Verysync 微力同步 2.21.0
Verysync 微力同步 2.21.1
Verysync 微力同步 2.21.2
Verysync 微力同步 2.21.3

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A flaw has been found in Verysync \u5fae\u529b\u540c\u6b65 up to 2.21.3. This impacts an unknown function of the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false of the component Web Administration Module. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-12-07T17:02:06.806Z",
    "modified": "2025-12-07T17:02:06.806Z",
    "type": "cve",
    "title": "Verysync \u5fae\u529b\u540c\u6b65 Web Administration text.txt unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.334619\nhttps://vuldb.com/?ctiid.334619\nhttps://vuldb.com/?submit.699539\nhttps://github.com/jjjjj-zr/jjjjjzr/issues/10",
    "id": "CVE-2025-14199",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "Verysync \u5fae\u529b\u540c\u6b65 2.21.0\nVerysync \u5fae\u529b\u540c\u6b65 2.21.1\nVerysync \u5fae\u529b\u540c\u6b65 2.21.2\nVerysync \u5fae\u529b\u540c\u6b65 2.21.3",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "\u5fae\u529b\u540c\u6b65",
    "version": "2.21.0",
    "vendor": "Verysync",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}