CVE-2025-14198

5.3 MEDIUM

📋 TL;DR

This vulnerability in Verysync 2.21.3 allows remote attackers to access sensitive information through the web administration module. The exploit targets the /safebrowsing/clientreport/download endpoint with a manipulated key parameter, enabling unauthorized data disclosure. All systems running the vulnerable version with web administration enabled are affected.

💻 Affected Systems

Products:
  • Verysync (微力同步)
Versions: 2.21.3
Operating Systems: All platforms running Verysync
Default Config Vulnerable: ⚠️ Yes
Notes: Requires web administration module to be enabled and accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through disclosure of authentication tokens, configuration files, or sensitive user data leading to further attacks.

🟠 Likely Case

Exposure of sensitive information such as configuration details, user data, or internal system information that could facilitate additional attacks.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing external exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit is publicly available and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor has not responded to disclosure. Consider workarounds or alternative solutions.

🔧 Temporary Workarounds

Disable Web Administration (platform: all)

Turn off the web administration interface to prevent remote exploitation.

Edit the Verysync configuration to disable the web admin interface.

Network Access Control (platform: linux)

Restrict access to the Verysync web interface using firewall rules. Replace [verysync_port] and [trusted_ips] with the port the web admin listens on and the source addresses that should keep access. Because -A appends to the end of the INPUT chain, confirm that no earlier rule already accepts this port; otherwise the DROP rule is never reached.

iptables -A INPUT -p tcp --dport [verysync_port] -s [trusted_ips] -j ACCEPT
iptables -A INPUT -p tcp --dport [verysync_port] -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Verysync instances
  • Monitor for unusual access patterns to the /safebrowsing/clientreport/download endpoint

🔍 How to Verify

Check if Vulnerable:

Check if Verysync version is 2.21.3 and web admin is accessible. Test by accessing /safebrowsing/clientreport/download?key=dummytoken

Check Version:

Check Verysync configuration file or web interface for version information

Verify Fix Applied:

Verify web admin is disabled or inaccessible, or that the endpoint no longer returns sensitive information.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /safebrowsing/clientreport/download with unusual key parameters
  • Multiple failed or suspicious access attempts to web admin

Network Indicators:

  • Unusual traffic patterns to Verysync web port from untrusted sources
  • Requests with manipulated key parameters

SIEM Query:

source="verysync.log" AND (uri="/safebrowsing/clientreport/download" OR user_agent="exploit")
