CVE-2025-2775
Published May 7, 2025
Last updated a month ago
AI description
CVE-2025-2775 is an unauthenticated XML External Entity (XXE) vulnerability found in SysAid On-Prem versions 23.3.40 and earlier. This vulnerability exists in the Checkin processing functionality. It could allow an attacker to interfere with the application's parsing of XML input. Successful exploitation of CVE-2025-2775 can lead to administrator account takeover and the ability to read files. This vulnerability, along with CVE-2025-2776 and CVE-2025-2777, can be exploited by sending specially crafted HTTP POST requests to specific endpoints. These vulnerabilities were patched in SysAid On-Prem version 24.4.60 b16.
- Description: SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
- Source: disclosure@vulncheck.com
- NVD status: Analyzed
- Products: sysaid
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: HIGH
Data from CISA
- Vulnerability name: SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
- Exploit added on: Jul 22, 2025
- Exploit action due: Aug 12, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- disclosure@vulncheck.com
- CWE-611
- Hype score: Not currently trending
🔴 SysAid On-Prem, XML External Entity (XXE), #CVE-2025-2775 (Critical) https://t.co/3wyU7X9yFM
@dailycve
27 Jul 2025
Post 1/100 CVE-2025-2775 : Discovery + Exploitation + Template Shodan Dork : http.title:"SysAid" Fofa Dork : title="SysAid" || body="SysAid Technologies" Exploit: https://t.co/v2IFYloVem Template : https://t.co/nhCTtCi1aT ---- Check it Out : https://t.co/xRDufV8hCw https:
@h4x0r_fr34k
26 Jul 2025
Post 1/100 CVE-2025-2775 : Discovery + Exploitation + Template Shodan Dork : http.title:"SysAid" Fofa Dork : title="SysAid" || body="SysAid Technologies" Exploit: https://t.co/v2IFYlpt3U Template : https://t.co/IPzI667iGN ---- Check it Out : https://t.co/xRDufV8Ps4 https:
@h4x0r_fr34k
26 Jul 2025
CISA warns of hackers exploiting SysAid vulnerabilities in attacks CISA has warned that attackers are actively exploiting two unauthenticated XML External Entity (XXE) vulnerabilities in SysAid ITSM software (CVE-2025-2775 and CVE-2025-2776) to hijack administrator accounts. htt
@dCypherIO
24 Jul 2025
CISA has warned that attackers are actively exploiting two security vulnerabilities in the SysAid IT service management (ITSM) software to hijack administrator accounts. Tracked as CVE-2025-2775 and CVE-2025-2776, they were patched in March. https://t.co/j2j7DVwoB0 https://t.co/HUK4bC
@riskigy
24 Jul 2025
⚠️⚠️ CVE-2025-2775(CVSS 9.3)and CVE-2025-2776(CVSS 9.3) SysAid Flaws Under Active Attack Enable Remote File Access and SSRF 🔥PoC: https://t.co/vvk5oQoWai 🎯1.7k+ Results are found on the https://t.co/pb16tGYaKe nearly year 🔗FOFA Link:https://t.co/bNV7z6glrB FO
@fofabot
24 Jul 2025
🚨🚨 SysAid PreAuth RCE Chain (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777) Hackers can exploit these vulns to inject malicious XML entities, triggering Server-Side Request Forgery (SSRF) attacks on SysAid Help Desk Software. 🔥PoC: https://t.co/kNyOnjGWC4 ZoomEye https
@zoomeye_team
24 Jul 2025
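[SysAid XXE vulnerabilities exploited] US CISA has added the SysAid vulnerabilities CVE-2025-2775 and CVE-2025-2776 to the KEV catalog as being exploited in attacks. Attackers hijack administrator accounts and steal local files containing sensitive information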
@MachinaRecord
24 Jul 2025
🚨Alert🚨 :CVE-2025-2775&CVE-2025-2776&CVE-2025-2777 : Three Unauthenticated XML External Entity (XXE) Vulnerabilities in SysAid On-Prem 🔥PoC :https://t.co/KidlD1ZfMm 🧐Deep Dive :https://t.co/6rCTA2H7Dx 📊6.3K+ Services are found on the https://t.co/ysWb28BTvF
@HunterMapping
24 Jul 2025
SysAid Zero-Day: CVE-2025-2775 and CVE-2025-2776 Exploited in the Wild #CISA #SysAid #CyberSecurity #CVE20252775 #CVE20252776 #SSRF #Infosec #VulnerabilityAlert #PatchNow #ZeroDay #DataSecurity https://t.co/d1Zv0bO8Nu
@cyashadotcom
23 Jul 2025
Security Alert: CISA warns of hackers exploiting SysAid vulnerabilities (CVE-2025-2775, CVE-2025-2776) to hijack admin accounts, reported July 23, 2025. Threat: Unauthenticated XXE flaws enable file access and potential code execution, risking logistics breaches. Action: Patch
@tony3266
23 Jul 2025
CVE-2025-2775 and CVE-2025-2776 in SysAid ITSM are under active attack. These pre-auth XXE flaws enable admin takeover, file access, and SSRF, with potential RCE. CISA added both to KEV. Patch to SysAid 24.4.60+ now and check systems for compromise. https://t.co/dlDs1qMFeW
@CloneSystemsInc
23 Jul 2025
📌 CISA warning: two vulnerabilities in SysAid software have been added to the list of known vulnerabilities under active exploitation, enabling remote access to files and SSRF attacks. The vulnerability
@Cybercachear
23 Jul 2025
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-2775 #SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability https://t.co/78FhWddCTp
@ScyScan
22 Jul 2025
Actively exploited CVE : CVE-2025-2775
@transilienceai
8 May 2025
[Link roundup: security news/articles for May 7-8] <Vulnerabilities> ・Microsoft announces that the April update caused authentication problems on Windows Server https://t.co/u0O5Pz35EM ・SysAid: in the on-premises version, four
@MachinaRecord
8 May 2025
CVE-2025-2775: PoC Released for SysAid On-Premises Pre-Auth RCE Vulnerability https://t.co/NXeDt47laH
@Dinosn
8 May 2025
Research reveals a pre-authenticated RCE chain in SysAid On-Premise (CVE-2025-2775), highlighting ongoing email struggles and security vulnerabilities in essential ITSM solutions, further exposing sensitive information to ransomware threats. #CyberSecurity https://t.co/RA4acrOek7
@Cyber_O51NT
8 May 2025
[CVE-2025-2775: CRITICAL] SysAid On-Prem <= 23.3.40 has an unauthenticated XXE vulnerability in Checkin, risking admin takeover. Urgent action needed for cyber security.#cve,CVE-2025-2775,#cybersecurity https://t.co/Ut6PYKBPv8 https://t.co/jP0WGR0HW3
@CveFindCom
7 May 2025
Critical vulnerabilities found in SysAid on-premise versions (CVE-2025-2775, 2776, 2777) enable remote code execution via XXE injection. Users must update to version 24.4.60 b16 to patch these flaws. ⚠️ #SysAid #SecurityUpdate #Australia https://t.co/7STB0bWtyy
@TweetThreatNews
7 May 2025
We are sharing SysAid instances likely vulnerable to CVE-2025-2775, CVE-2025-2776, CVE-2025-2777 (XXEs) any of which combined with CVE-2025-2778 allows for RCE. 77 IPs found unpatched so far (version check). Install updates from SysAid (from March!) https://t.co/SNVkIeSfF3 h
@Shadowserver
7 May 2025
Four critical vulnerabilities (CVE-2025-2775 through 2778) that allow remote code execution without authentication have been discovered in the on-premises version of SysAid.
@yousukezan
7 May 2025
[SysAid fixes four critical vulnerabilities that enable RCE] SysAid has released an update for the on-premise version of its software that eliminates four critical vulnerabilities at once — CVE-2025-2775, CVE-2025-2776, CVE-2025-2777 and CVE-2025-2778. Vulnerabilities allowe
@NGT_Cybercrime
7 May 2025
📌 SysAid has fixed four critical vulnerabilities in the on-premises version of its IT support software that allow unauthenticated remote code execution with elevated privileges. The
@Cybercachear
7 May 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sysaid:sysaid:*:*:*:*:on-premises:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F967FFC-8AE4-4215-B2F5-333870F75899",
            "versionEndIncluding": "23.3.40"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]