Critical Risk: Seeyon OA Arbitrary Password Reset Vulnerability

This content originally appeared on DEV Community and was authored by Sharon

> About Author
Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.

Seeyon OA is a widely used enterprise Office Automation (OA) platform that helps organizations streamline daily tasks and workflow management.

Recently, Seeyon released a patch for a critical pre-authentication vulnerability: an attacker who can reach the application can reset any user's password without logging in.

Chaitin Tech's emergency response team analyzed the issue, reproduced it, and confirmed that many internet-facing Seeyon OA systems remain unpatched and exploitable. To help defenders, the team has published a non-intrusive X-POC remote scanner and a CloudWalker local detection tool; both are publicly available.

Vulnerability Description

A password reset API in Seeyon OA can be reached without authentication: the endpoint neither checks that the caller is logged in nor that the caller is allowed to change the target account.

By sending a crafted request, an unauthenticated attacker can set a new password on any user account, including privileged administrator accounts.

Because the attacker can then simply log in with the password they chose, this is a direct path to full takeover of a corporate OA system.
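To make the bug class concrete, here is an added illustration (example code written for this page, not Seeyon's code and not Chaitin's tooling): a minimal in-memory password-reset endpoint implemented once the way the advisory describes, with no authentication or authorization, and once hardened. The user names, form field names (`userId`, `newPassword`, `currentPassword`) and the cookie-based session model are constructed for the demo and say nothing about Seeyon's real API.

```python
"""Illustrative password-reset handlers: the bug class behind the advisory.

Added example, not Seeyon's code. reset_password_vulnerable() mirrors the
advisory's bug class (no authentication, no authorization: the caller names
any user plus a new password). reset_password_secure() is the hardened form.
User names, field names and the session model are constructed for the demo.
"""
import hashlib
import hmac
import os
import secrets

USERS = {}     # username -> {"salt": bytes, "hash": bytes, "admin": bool}
SESSIONS = {}  # session token -> username
_ITERATIONS = 100_000


def _hash_password(password, salt=None):
    """PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


def _password_ok(password, user):
    _, digest = _hash_password(password, user["salt"])
    return hmac.compare_digest(digest, user["hash"])


def add_user(username, password, is_admin=False):
    salt, digest = _hash_password(password)
    USERS[username] = {"salt": salt, "hash": digest, "admin": is_admin}


def login(username, password):
    """Returns a session token on success, None on failure."""
    user = USERS.get(username)
    if user is None or not _password_ok(password, user):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token


def reset_password_vulnerable(request):
    """The bug class: identity comes from the request body, nobody is checked."""
    form = request["form"]
    target = USERS.get(form["userId"])
    if target is None:
        return 404, "no such user"
    target["salt"], target["hash"] = _hash_password(form["newPassword"])
    return 200, "password updated"


def reset_password_secure(request):
    """Hardened form: require a session, then enforce who may change whom."""
    caller_name = SESSIONS.get(request.get("cookies", {}).get("session", ""))
    if caller_name is None:
        return 401, "authentication required"
    form = request["form"]
    target_name = form["userId"]
    target = USERS.get(target_name)
    if target is None:
        return 404, "no such user"
    if caller_name == target_name:
        # Self-service: the caller must prove knowledge of the current password.
        if not _password_ok(form.get("currentPassword", ""), target):
            return 403, "current password incorrect"
    elif not USERS[caller_name]["admin"]:
        return 403, "only administrators may reset other users' passwords"
    target["salt"], target["hash"] = _hash_password(form["newPassword"])
    # Revoke the target's existing sessions so anyone holding one is logged out.
    for token in [t for t, u in SESSIONS.items() if u == target_name]:
        del SESSIONS[token]
    return 200, "password updated"


def demo():
    """Replays the attack against both handlers; returns the outcomes seen."""
    USERS.clear()
    SESSIONS.clear()
    add_user("admin", "Admin-Original!", is_admin=True)   # constructed accounts
    add_user("alice", "alice-original")
    # Attacker: no cookie at all, just a crafted body naming the admin account.
    attack = {"form": {"userId": "admin", "newPassword": "attacker-chosen"}}
    results = {}
    results["vuln_status"] = reset_password_vulnerable(attack)[0]
    results["vuln_login_as_admin"] = login("admin", "attacker-chosen") is not None
    results["secure_unauth"] = reset_password_secure(attack)[0]
    alice = login("alice", "alice-original")
    as_alice = {"cookies": {"session": alice}, "form": attack["form"]}
    results["secure_non_admin"] = reset_password_secure(as_alice)[0]
    self_change = {"cookies": {"session": alice},
                   "form": {"userId": "alice", "currentPassword": "alice-original",
                            "newPassword": "alice-new"}}
    results["secure_self"] = reset_password_secure(self_change)[0]
    results["old_session_revoked"] = alice not in SESSIONS
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the file replays the scenario: the vulnerable handler accepts the cookieless request and the attacker can then log in as `admin`, while the hardened handler answers 401 without a session, 403 when a non-admin targets another account, and 200 only for a self-service change that supplies the current password (after which the old session is revoked). The hardened version is the shape a real fix takes: authenticate, then authorize against the target account, never trusting a user identifier in the request body.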

Detection Tools

X-POC Remote Detection

Command (replace http://xpoc.org with the URL of the system to check):

./xpoc -r 406 -t http://xpoc.org

Download:

CloudWalker Local Detection

Command:

seeyon_oa_resetpass_ct_868971_scanner_windows_amd64.exe

Download:

Affected Versions

  • V5/G6
  • V8.1 SP2
  • V8.2

Solutions

Temporary Mitigation

Apply network ACLs so that only trusted IP ranges (office networks, VPN egress) can reach Seeyon OA systems. This only shrinks the exposed population: anyone who can still reach the application, including a compromised host inside an allowed range, can exploit the flaw until the patch is applied.
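One way to enforce such an allowlist at a reverse proxy in front of the OA, as an added example that is not part of the advisory (the server name, address ranges, certificate paths and backend address are placeholders to replace with your own):

```nginx
# Allowlist for a Seeyon OA virtual host behind nginx (added example).
# Only the listed ranges may reach the application; every other client
# gets 403 before the request is proxied. This limits exposure; it does
# not fix the vulnerability, so the vendor patch is still required.
server {
    listen 443 ssl;
    server_name oa.example.com;                       # placeholder
    ssl_certificate     /etc/nginx/tls/oa.crt;        # placeholder
    ssl_certificate_key /etc/nginx/tls/oa.key;        # placeholder

    allow 10.0.0.0/8;        # internal network (placeholder range)
    allow 203.0.113.0/24;    # VPN egress (placeholder range)
    deny  all;

    location / {
        proxy_pass http://127.0.0.1:8080;             # OA backend (placeholder)
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

The `allow`/`deny` decision is made on the TCP peer address. If a CDN or another load balancer sits in front of nginx, every request arrives from that proxy's address and the allowlist is useless until `set_real_ip_from` and `real_ip_header` are configured for the trusted upstream proxy; the same restriction should also be applied at the host or network firewall so that it holds even if the proxy is bypassed.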

Official Fix

Seeyon has released an official patch:
🔗 Patch Download (Official Site)

Product Support

  • Yuntu: Supports fingerprint recognition & POC detection
  • Dongjian: Supports custom POC detection
  • SafeLine WAF: Virtual patch released, blocks exploitation attempts
  • Quanxi: Rule updates released, detects this vulnerability
  • CloudWalker: Users on platform 23.05.001+ can download the emergency vulnerability intel pack (EMERVULN-23.09.007) to detect exploitation attempts. Older versions should contact CloudWalker support.

Timeline

  • Sept 6 – Seeyon OA published official patch
  • Sept 7 – Chaitin Emergency Lab analyzed and reproduced the vulnerability
  • Sept 7 – Chaitin Security Response Center released advisory

Join the SafeLine Community

If you continue to experience issues, feel free to contact SafeLine support for further assistance.


Sharon | Sciencx (2025-09-02T03:19:23+00:00) Critical Risk: Seeyon OA Arbitrary Password Reset Vulnerability. Retrieved from https://www.scien.cx/2025/09/02/critical-risk-seeyon-oa-arbitrary-password-reset-vulnerability/