What is the CVSS score of CVE-2025-14198?

CVE-2025-14198 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.1%.

Which versions of Verysync are affected by CVE-2025-14198?

Organizations using A vulnerability should be aware of moderate risk from CVE-2025-14198, a information exposure vulnerability rated CVSS 5.3.

Is there a public PoC exploit available for CVE-2025-14198?

Yes, a public proof-of-concept exploit is available for CVE-2025-14198. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-14198?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Review data exposure and access controls.

Verysync CVE-2025-14198

EUVD-2025-201609 MEDIUM

Information Exposure (CWE-200)

2025-12-07 cna@vuldb.com

Information Disclosure Verysync

5.3

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

5.3 MEDIUM

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 17:50 euvd

EUVD-2025-201609

Analysis Generated

Mar 15, 2026 - 17:50 vuln.today

PoC Detected

Dec 11, 2025 - 18:08 vuln.today

Public exploit code

CVE Published

Dec 07, 2025 - 17:15 nvd

MEDIUM 5.3

DescriptionCVE.org

A vulnerability was detected in Verysync 微力同步 2.21.3. This affects an unknown function of the file /safebrowsing/clientreport/download?key=dummytoken of the component Web Administration Module. Performing manipulation results in information disclosure. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis

Technical ContextAI

Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls. This vulnerability is classified as Information Exposure (CWE-200).

RemediationAI

Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.

CVE-2025-14198 vulnerability details – vuln.today

Back

Verysync CVE-2025-14198

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code