Unauthenticated XML External Entity Vulnerability in SysAid On-Prem Software
CVE-2025-2776
Key Information:
- Vendor
Sysaid
- Status
- Vendor
- CVE Published:
- 7 May 2025
Badges
What is CVE-2025-2776?
The SysAid On-Premitory software is susceptible to an unauthenticated XML External Entity (XXE) vulnerability. This weakness exists in the Server URL processing functionality, potentially allowing an attacker to exploit it and gain unauthorized access to sensitive data and systems. As a result, an attacker may achieve administrator account takeover and perform unauthorized file read operations, raising serious concerns for data integrity and security within affected versions.
CISA has reported CVE-2025-2776
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-2776 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
SysAid On-Prem 0 <= 23.3.40
News Articles
CISA Warns of SysAid Vulnerability Exploitation
CISA has added two recent SysAid flaws, CVE-2025-2776 and CVE-2025-2775, to its Known Exploited Vulnerabilities (KEV) catalog.
The Hacker NewsCISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF
SysAid bugs exploited in the wild; CISA mandates federal patching to stop potential admin takeovers.
References
EPSS Score
47% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 📰
First article discovered by The Hacker News
- 🦅
CISA Reported
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved