VYPR
Unrated severityNVD Advisory· Published May 7, 2025· Updated Feb 26, 2026

SysAid On-Prem <= 23.3.40 lshw Proceessing XML External Entity Injection

CVE-2025-2777

Description

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Sysaid/Sysaidllm-fuzzy
    Range: <=23.3.40
  • SysAid/SysAid On-Premv5
    Range: 0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.