VYPR
Unrated severityCISA KEVNVD Advisory· Published May 7, 2025· Updated Nov 19, 2025

SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection

CVE-2025-2776

Description

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Sysaid/Sysaidllm-fuzzy
    Range: <=23.3.40
  • SysAid/SysAid On-Premv5
    Range: 0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.