CVE-2025-14199 | Verysync 微力同步 up to 2.21.3 Web Administration text.txt?override=false unrestricted upload

Inserito da Angelo Barbosa | Dic 6, 2025 | CVE

A vulnerability was found in Verysync 微力同步 up to 2.21.3 and classified as critical. This impacts an unknown function of the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false of the component Web Administration Module. Executing manipulation can lead to unrestricted upload.

This vulnerability appears as CVE-2025-14199. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-14199 | Verysync 微力同步 up to 2.21.3 Web Administration text.txt?override=false unrestricted upload

Post correlati

CVE-2024-43659 | Iocharger 24120701 Charging Station credentials storage (DIVD-2024-00035)

CVE-2025-28978 | SB Breadcrumbs Plugin up to 1.0 on WordPress cross site scripting

CVE-2024-2306 | Revslider Plugin up to 6.6.20 on WordPress cross site scripting

CVE-2024-21917 | Rockwell Automation FactoryTalk Service Platform up to 6.3 FTSP Service signature verification (icsa-24-030-06)