CVE-2025-14199

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Verysync versions up to 2.21.3

Description A flaw exists in Verysync that allows for unrestricted file upload. This impacts an unknown function within the Web Administration Module, specifically related to the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false. The attack can be performed remotely. The exploit has been published. The vendor was contacted but did not respond.

Recommendations Versions prior to 2.21.3 are recommended.

Exploit

Fix

Improper Access Control

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-434

Related Identifiers

CVE-2025-14199

Affected Products

Verysync

CVE-2025-14199

Weakness Enumeration

Related Identifiers

Affected Products

References · 10