Unrated severity · CISA KEV · NVD Advisory · Published May 7, 2025 · Updated Nov 19, 2025
SysAid On-Prem <= 23.3.40 serverurl Processing XML External Entity Injection
CVE-2025-2776
Description
SysAid On-Prem versions <= 23.3.40 are affected by an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, which allows administrator account takeover and provides file read primitives.
Affected products
- SysAid/SysAid On-Prem · v5 · Range: 0
Patches
No patches discovered yet.
References
- labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/ (mitre, exploit)
- documentation.sysaid.com/docs/24-40-60 (mitre, vendor-advisory)