CVE-2025-2775
Published May 7, 2025
Last updated 5 months ago
- Description: SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
- Source: disclosure@vulncheck.com
- NVD status: Analyzed
- Products: sysaid
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: HIGH
Data from CISA
- Vulnerability name: SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
- Exploit added on: Jul 22, 2025
- Exploit action due: Aug 12, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- disclosure@vulncheck.com
- CWE-611
- Hype score
- Not currently trending
watchTowr Labs has released a #PoC for SysAid Pre-auth #RCE Chain (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777, CVE-2025-2778) Git: https://t.co/3Ba0IsltpP Article: https://t.co/dMvVYzRCSF #Vulnerability #CVE #Exploited #KEV https://t.co/fgDPUz5LvW
@darkwebsonar
24 Oct 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨PoC for SysAid PreAuth RCE Chain (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777, CVE-2025-2778) GitHub: https://t.co/xo9LOlbjJ7 Write-up: https://t.co/CtKxhWsDYg https://t.co/MzCyvAIiWP
@DarkWebInformer
23 Oct 2025
12458 Impressions
49 Retweets
181 Likes
93 Bookmarks
3 Replies
1 Quote
CISA Warns of SysAid Vulnerability Exploitation CISA has added two recent SysAid vulnerabilities, CVE-2025-2776 and CVE-2025-2775, to its KEV catalog. The post CISA Warns of SysAid Vulnerability Exploitation appeared first on SecurityWeek. CISA has added two recent SysAid vu.
@SecurityAid
11 Oct 2025
81 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2775 | POC VIDEO https://t.co/ogPtinZzSI
@h4x0r_fr34k
6 Sept 2025
549 Impressions
0 Retweets
3 Likes
3 Bookmarks
0 Replies
0 Quotes
🔴 SysAid On-Prem, XML External Entity (XXE), #CVE-2025-2775 (Critical) https://t.co/3wyU7X9yFM
@dailycve
27 Jul 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Post 1/100 CVE-2025-2775 : Discovery + Exploitation + Template Shodan Dork : http.title:"SysAid" Fofa Dork : title="SysAid" || body="SysAid Technologies" Exploit: https://t.co/v2IFYloVem Template : https://t.co/nhCTtCi1aT ---- Check it Out : https://t.co/xRDufV8hCw https:
@h4x0r_fr34k
26 Jul 2025
2111 Impressions
7 Retweets
60 Likes
26 Bookmarks
0 Replies
0 Quotes
Post 1/100 CVE-2025-2775 : Discovery + Exploitation + Template Shodan Dork : http.title:"SysAid" Fofa Dork : title="SysAid" || body="SysAid Technologies" Exploit: https://t.co/v2IFYlpt3U Template : https://t.co/IPzI667iGN ---- Check it Out : https://t.co/xRDufV8Ps4 https:
@h4x0r_fr34k
26 Jul 2025
21 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
CISA warns of hackers exploiting SysAid vulnerabilities in attacks CISA has warned that attackers are actively exploiting two unauthenticated XML External Entity (XXE) vulnerabilities in SysAid ITSM software (CVE-2025-2775 and CVE-2025-2776) to hijack administrator accounts. htt
@dCypherIO
24 Jul 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has warned that attackers are actively exploiting two security vulnerabilities in the SysAid IT service management (ITSM) software to hijack administrator accounts. Tracked as CVE-2025-2775 and CVE-2025-2776, they were patched in March. https://t.co/j2j7DVwoB0 https://t.co/HUK4bC
@riskigy
24 Jul 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-2775 (CVSS 9.3) and CVE-2025-2776 (CVSS 9.3) SysAid Flaws Under Active Attack Enable Remote File Access and SSRF 🔥PoC: https://t.co/vvk5oQoWai 🎯1.7k+ Results are found on the https://t.co/pb16tGYaKe nearly year 🔗FOFA Link: https://t.co/bNV7z6glrB FO
@fofabot
24 Jul 2025
1311 Impressions
2 Retweets
22 Likes
8 Bookmarks
0 Replies
0 Quotes
🚨🚨 SysAid PreAuth RCE Chain (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777) Hackers can exploit these vulns to inject malicious XML entities, triggering Server-Side Request Forgery (SSRF) attacks on SysAid Help Desk Software. 🔥PoC: https://t.co/kNyOnjGWC4 ZoomEye https
@zoomeye_team
24 Jul 2025
946 Impressions
5 Retweets
10 Likes
8 Bookmarks
0 Replies
0 Quotes
🚨🚨 SysAid PreAuth RCE Chain (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777) Hackers can exploit these vulns to inject malicious XML entities, triggering Server-Side Request Forgery (SSRF) attacks on SysAid Help Desk Software. 🔥PoC: https://t.co/kNyOnjGWC4 ZoomEye https
@zoomeye_team
24 Jul 2025
123 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
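[SysAid XXE vulnerabilities exploited] US CISA has added the SysAid vulnerabilities CVE-2025-2775 and CVE-2025-2776 to its KEV catalog as being exploited in attacks. Attackers hijack administrator accounts and steal local files containing sensitive information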
@MachinaRecord
24 Jul 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 :CVE-2025-2775&CVE-2025-2776&CVE-2025-2777 : Three Unauthenticated XML External Entity (XXE) Vulnerabilities in SysAid On-Prem 🔥PoC :https://t.co/KidlD1ZfMm 🧐Deep Dive :https://t.co/6rCTA2H7Dx 📊6.3K+ Services are found on the https://t.co/ysWb28BTvF
@HunterMapping
24 Jul 2025
3656 Impressions
22 Retweets
75 Likes
28 Bookmarks
0 Replies
0 Quotes
SysAid Zero-Day: CVE-2025-2775 and CVE-2025-2776 Exploited in the Wild #CISA #SysAid #CyberSecurity #CVE20252775 #CVE20252776 #SSRF #Infosec #VulnerabilityAlert #PatchNow #ZeroDay #DataSecurity https://t.co/d1Zv0bO8Nu
@cyashadotcom
23 Jul 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security Alert: CISA warns of hackers exploiting SysAid vulnerabilities (CVE-2025-2775, CVE-2025-2776) to hijack admin accounts, reported July 23, 2025. Threat: Unauthenticated XXE flaws enable file access and potential code execution, risking logistics breaches. Action: Patch
@tony3266
23 Jul 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2775 and CVE-2025-2776 in SysAid ITSM are under active attack. These pre-auth XXE flaws enable admin takeover, file access, and SSRF, with potential RCE. CISA added both to KEV. Patch to SysAid 24.4.60+ now and check systems for compromise. https://t.co/dlDs1qMFeW
@CloneSystemsInc
23 Jul 2025
30 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
📌 Warning from CISA: two vulnerabilities in SysAid software have been added to the list of known vulnerabilities under active exploitation, enabling remote file access and SSRF attacks. The vulnerability
@Cybercachear
23 Jul 2025
52 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-2775 #SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability https://t.co/78FhWddCTp
@ScyScan
22 Jul 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-2775
@transilienceai
8 May 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
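[Link roundup: security news and articles for May 7-8] <Vulnerabilities> ・Microsoft announces that the April update causes authentication problems on Windows Server https://t.co/u0O5Pz35EM ・SysAid: in the on-premises version, four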
@MachinaRecord
8 May 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2775: PoC Released for SysAid On-Premises Pre-Auth RCE Vulnerability https://t.co/NXeDt47laH
@Dinosn
8 May 2025
3245 Impressions
5 Retweets
24 Likes
6 Bookmarks
0 Replies
1 Quote
Research reveals a pre-authenticated RCE chain in SysAid On-Premise (CVE-2025-2775), highlighting ongoing email struggles and security vulnerabilities in essential ITSM solutions, further exposing sensitive information to ransomware threats. #CyberSecurity https://t.co/RA4acrOek7
@Cyber_O51NT
8 May 2025
297 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-2775: CRITICAL] SysAid On-Prem <= 23.3.40 has an unauthenticated XXE vulnerability in Checkin, risking admin takeover. Urgent action needed for cyber security. #cve,CVE-2025-2775,#cybersecurity https://t.co/Ut6PYKBPv8 https://t.co/jP0WGR0HW3
@CveFindCom
7 May 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerabilities found in SysAid on-premise versions (CVE-2025-2775, 2776, 2777) enable remote code execution via XXE injection. Users must update to version 24.4.60 b16 to patch these flaws. ⚠️ #SysAid #SecurityUpdate #Australia https://t.co/7STB0bWtyy
@TweetThreatNews
7 May 2025
82 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
We are sharing SysAid instances likely vulnerable to CVE-2025-2775, CVE-2025-2776, CVE-2025-2777 (XXEs) any of which combined with CVE-2025-2778 allows for RCE. 77 IPs found unpatched so far (version check). Install updates from SysAid (from March!) https://t.co/SNVkIeSfF3 h
@Shadowserver
7 May 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Four critical vulnerabilities (CVE-2025-2775 to 2778) that allow unauthenticated remote code execution have been discovered in the on-premises version of SysAid.
@yousukezan
7 May 2025
756 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
[SysAid fixes four critical vulnerabilities that enable RCE] SysAid has released an update for the on-premise version of its software that eliminates four critical vulnerabilities at once — CVE-2025-2775, CVE-2025-2776, CVE-2025-2777 and CVE-2025-2778. Vulnerabilities allowe
@NGT_Cybercrime
7 May 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 SysAid has fixed four critical vulnerabilities in the on-premises version of its IT support software that allow unauthenticated remote code execution with elevated privileges.
@Cybercachear
7 May 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sysaid:sysaid:*:*:*:*:on-premises:*:*:*",
            "matchCriteriaId": "9F967FFC-8AE4-4215-B2F5-333870F75899",
            "versionEndIncluding": "23.3.40",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]