Unauthenticated XML External Entity Vulnerability in SysAid On-Prem Product
CVE-2025-2775
Key Information:
- Vendor
Sysaid
- Status
- Vendor
- CVE Published:
- 7 May 2025
Badges
What is CVE-2025-2775?
CVE-2025-2775 is an identified vulnerability located within the SysAid On-Prem product, specifically affecting versions up to and including 23.3.40. This vulnerability is categorized as an unauthenticated XML External Entity (XXE) issue, which stems from the way the system processes XML data during the Checkin functionality. The presence of this flaw allows attackers to exploit the application without needing authentication, which can lead to severe security ramifications. When successfully exploited, an attacker could seize control of administrative accounts and potentially gain unauthorized access to sensitive files, compromising the integrity and confidentiality of the organization’s data. The technical implications of this vulnerability highlight significant risks, as it not only opens the door to data exposure but could result in full administrative control, enabling further malicious actions within the system.
Potential impact of CVE-2025-2775
-
Administrator Account Takeover: The vulnerability allows attackers to gain unauthorized access to administrative accounts, enabling them to manipulate system settings and manage user accounts, which could lead to extensive damage within the organization.
-
Data Exposure and File Read Access: Through exploitation, attackers could leverage this vulnerability to read sensitive files from the server, risking the exposure of confidential information, intellectual property, or critical business data.
-
Increased Risk of Further Exploitation: The successful exploitation of this vulnerability may serve as a foothold for attackers, facilitating subsequent attacks that could spread to other systems, leading to broader network compromises or data breaches.
Affected Version(s)
SysAid On-Prem 0 <= 23.3.40
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
5% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved