CVE-2025-14198 | Verysync 微力同步 2.21.3 Web Administration download?key=dummytoken information disclosure

A vulnerability has been found in Verysync 微力同步 2.21.3 and classified as problematic. This affects an unknown function of the file /safebrowsing/clientreport/download?key=dummytoken of the component Web Administration Module. Performing manipulation results in information disclosure.

This vulnerability is reported as CVE-2025-14198. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-14198 | Verysync 微力同步 2.21.3 Web Administration download?key=dummytoken information disclosure

Post correlati

CVE-2024-4195 | Mattermost up to 8.1.11/9.5.2/9.6.0/9.7.0 HTTP Request access control

CVE-2024-30946 | DedeCMS 5.7 /src/dede/co_do.php cross-site request forgery

CVE-2025-56503 | Sublime Sublime Text improper authentication

CVE-2025-52557 | Mail-0 Zero 0.8 extreme physical environment conditions (GHSA-34gh-g567-hq85 / EUVD-2025-18797)