CVE-2025-14197 MEDIUM

CVE-2025-14197: Verysync 微力同步 Web Administration f96956469e7be39d information disclosure

Vendor Verysync
Product 微力同步
Weakness CWE-200 · Info exposure
Published December 7, 2025
Last update December 8, 2025
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security vulnerability has been detected in Verysync 微力同步 up to 2.21.3. The impacted element is an unknown function of the file /rest/f/api/resources/f96956469e7be39d of the component Web Administration Module. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

December 7, 2025 CVE published
December 8, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-53804 Windows Kernel-Mode Driver Information Disclosure Vulnerability CVE-2021-41124 Splash authentication credentials potentially leaked to target websites in scrapy-splash CVE-2022-23067 ToolJet - Token Leakage via Referer Header CVE-2020-3547 Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance Information Disclosure Vulnerability CVE-2024-10312 Exclusive Addons for Elementor <= 2.7.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates