AI description
CVE-2025-2776 is an unauthenticated XML External Entity (XXE) vulnerability found in SysAid On-Prem versions at or below 23.3.40. This vulnerability exists within the Server URL processing functionality. The XXE vulnerability allows for administrator account takeover and enables file read primitives.
- Description
- SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
- Source
- disclosure@vulncheck.com
- NVD status
- Analyzed
- Products
- sysaid
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
- Exploit added on
- Jul 22, 2025
- Exploit action due
- Aug 12, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- disclosure@vulncheck.com
- CWE-611
- Hype score
- Not currently trending
🚨CVE-2025-2776 – Critical XXE flaw in SysAid On-Prem ( v23.3.40 & earlier ) 💀 No auth needed ⚠️ Active exploitation 💥 CVSS 9.8 | CISA KEV listed 🔗 Full breakdown : https://t.co/LlDujaOt8q #CyberSecurity #CVE2025 #InfoSec #SysAid
@HowTo1833326
11 Aug 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-2776 – Critical XXE flaw in SysAid On-Prem (v23.3.40 & earlier) 💀 No auth needed ⚠️ Active exploitation 💥 CVSS 9.8 | CISA KEV listed 🔗 Full breakdown : https://t.co/LlDujaP0XY #CyberSecurity #CVE2025 #InfoSec #SysAid
@HowTo1833326
11 Aug 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-2776 – Critical XXE flaw in SysAid On-Prem ( v23.3.40 & earlier ) 💀 No auth needed ⚠️ Active exploitation 💥 CVSS 9.8 | CISA KEV listed 🔗 Full breakdown: https://t.co/LlDujaP0XY #CyberSecurity #CVE2025 #InfoSec #SysAid
@HowTo1833326
11 Aug 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 SysAid On-Prem, XML External Entity (XXE), #CVE-2025-2776 (Critical) https://t.co/dP2EAmV5rV
@dailycve
27 Jul 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA warns of hackers exploiting SysAid vulnerabilities in attacks CISA has warned that attackers are actively exploiting two unauthenticated XML External Entity (XXE) vulnerabilities in SysAid ITSM software (CVE-2025-2775 and CVE-2025-2776) to hijack administrator accounts. htt
@dCypherIO
24 Jul 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has warned that attackers are actively exploiting two security vulnerabilities in the SysAid IT service management (ITSM) software to hijack administrator accounts. Tracked as CVE-2025-2775 and CVE-2025-2776, were patched in March. https://t.co/j2j7DVwoB0 https://t.co/HUK4bC
@riskigy
24 Jul 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-2775(CVSS 9.3)and CVE-2025-2776(CVSS 9.3) SysAid Flaws Under Active Attack Enable Remote File Access and SSRF 🔥PoC: https://t.co/vvk5oQoWai 🎯1.7k+ Results are found on the https://t.co/pb16tGYaKe nearly year 🔗FOFA Link:https://t.co/bNV7z6glrB FO
@fofabot
24 Jul 2025
1311 Impressions
2 Retweets
22 Likes
8 Bookmarks
0 Replies
0 Quotes
🚨🚨 SysAid PreAuth RCE Chain (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777) Hackers can exploit these vulns to inject malicious XML entities, triggering Server-Side Request Forgery (SSRF) attacks on SysAid Help Desk Software. 🔥PoC: https://t.co/kNyOnjGWC4 ZoomEye https
@zoomeye_team
24 Jul 2025
946 Impressions
5 Retweets
10 Likes
8 Bookmarks
0 Replies
0 Quotes
🚨🚨 SysAid PreAuth RCE Chain (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777) Hackers can exploit these vulns to inject malicious XML entities, triggering Server-Side Request Forgery (SSRF) attacks on SysAid Help Desk Software. 🔥PoC: https://t.co/kNyOnjGWC4 ZoomEye https
@zoomeye_team
24 Jul 2025
123 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【SysAidのXXE脆弱性が悪用される】米CISAはSysAidの脆弱性CVE-2025-2775, CVE-2025-2776が攻撃で悪用されているとしてKEVカタログに追加。攻撃者は管理者アカウントを乗っ取り、機微情報を含むローカルファイルを窃取
@MachinaRecord
24 Jul 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 :CVE-2025-2775&CVE-2025-2776&CVE-2025-2777 : Three Unauthenticated XML External Entity (XXE) Vulnerabilities in SysAid On-Prem 🔥PoC :https://t.co/KidlD1ZfMm 🧐Deep Dive :https://t.co/6rCTA2H7Dx 📊6.3K+ Services are found on the https://t.co/ysWb28BTvF
@HunterMapping
24 Jul 2025
3656 Impressions
22 Retweets
75 Likes
28 Bookmarks
0 Replies
0 Quotes
SysAid Zero-Day: CVE-2025-2775 and CVE-2025-2776 Exploited in the Wild #CISA #SysAid #CyberSecurity #CVE20252775 #CVE20252776 #SSRF #Infosec #VulnerabilityAlert #PatchNow #ZeroDay #DataSecurity https://t.co/d1Zv0bO8Nu
@cyashadotcom
23 Jul 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security Alert: CISA warns of hackers exploiting SysAid vulnerabilities (CVE-2025-2775, CVE-2025-2776) to hijack admin accounts, reported July 23, 2025. Threat: Unauthenticated XXE flaws enable file access and potential code execution, risking logistics breaches. Action: Patch
@tony3266
23 Jul 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2775 and CVE-2025-2776 in SysAid ITSM are under active attack. These pre-auth XXE flaws enable admin takeover, file access, and SSRF, with potential RCE. CISA added both to KEV. Patch to SysAid 24.4.60+ now and check systems for compromise. https://t.co/dlDs1qMFeW
@CloneSystemsInc
23 Jul 2025
30 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-2776 #SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability https://t.co/PzJjqkxLOe
@ScyScan
22 Jul 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-2776 - critical 🚨 SysAid On-Prem <= 23.3.40 - XML External Entity > SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External ... 👾 https://t.co/ygOG7xaEk0 @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
10 May 2025
122 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【リンク集:5月7日〜8日のセキュリティ関連ニュース/記事】 <脆弱性> ・マイクロソフトが発表、4月のアップデートでWindows Serverの認証に問題発生 https://t.co/u0O5Pz35EM ・SysAid、オンプレミス版における4つの
@MachinaRecord
8 May 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-2776: CRITICAL] SysAid On-Prem versions <= 23.3.40 exposed to XXE vulnerability in Server URL processing allows admin account takeover & file read primitives. #CyberSecurity#cve,CVE-2025-2776,#cybersecurity https://t.co/Tyq0I5JniP https://t.co/FYKJYGxWMg
@CveFindCom
7 May 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We are sharing SysAid instances likely vulnerable to CVE-2025-2775, CVE-2025-2776, CVE-2025-2777 (XXEs) any of which combined with CVE-2025-2778 allows for RCE. 77 IPs found unpatched so far (version check). Install updates from SysAid (from March!) https://t.co/SNVkIeSfF3 h
@Shadowserver
7 May 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[SysAid fixes four critical vulnerabilities that enable RCE] SysAid has released an update for the on-premise version of its software that eliminates four critical vulnerabilities at once — CVE-2025-2775, CVE-2025-2776, CVE-2025-2777 and CVE-2025-2778. Vulnerabilities allowe
@NGT_Cybercrime
7 May 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 قامت SysAid بإصلاح أربع ثغرات حرجة في إصدارها المحلي من برنامج دعم تكنولوجيا المعلومات، تسمح بتنفيذ تعليمات برمجية عن بُعد دون مصادقة، مع حقوق مرتفعة. ال
@Cybercachear
7 May 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sysaid:sysaid:*:*:*:*:on-premises:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9F967FFC-8AE4-4215-B2F5-333870F75899",
"versionEndIncluding": "23.3.40"
}
],
"operator": "OR"
}
]
}
]