CVE-2025-2776

Published May 7, 2025

Last updated a month ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-2776 is an unauthenticated XML External Entity (XXE) vulnerability found in SysAid On-Prem versions at or below 23.3.40. This vulnerability exists within the Server URL processing functionality. The XXE vulnerability allows for administrator account takeover and enables file read primitives.

Description
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
Source
disclosure@vulncheck.com
NVD status
Analyzed
Products
sysaid

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
Exploit added on
Jul 22, 2025
Exploit action due
Aug 12, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

disclosure@vulncheck.com
CWE-611

Social media

Hype score
Not currently trending
  1. 🚨CVE-2025-2776 – Critical XXE flaw in SysAid On-Prem (v23.3.40 & earlier) 💀 No auth needed ⚠️ Active exploitation 💥 CVSS 9.8 | CISA KEV listed 🔗 Full breakdown: https://t.co/LlDujaOt8q #CyberSecurity #CVE2025 #InfoSec #SysAid

    @HowTo1833326

    11 Aug 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2025-2776 – Critical XXE flaw in SysAid On-Prem (v23.3.40 & earlier) 💀 No auth needed ⚠️ Active exploitation 💥 CVSS 9.8 | CISA KEV listed 🔗 Full breakdown: https://t.co/LlDujaP0XY #CyberSecurity #CVE2025 #InfoSec #SysAid

    @HowTo1833326

    11 Aug 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2025-2776 – Critical XXE flaw in SysAid On-Prem (v23.3.40 & earlier) 💀 No auth needed ⚠️ Active exploitation 💥 CVSS 9.8 | CISA KEV listed 🔗 Full breakdown: https://t.co/LlDujaP0XY #CyberSecurity #CVE2025 #InfoSec #SysAid

    @HowTo1833326

    11 Aug 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🔴 SysAid On-Prem, XML External Entity (XXE), #CVE-2025-2776 (Critical) https://t.co/dP2EAmV5rV

    @dailycve

    27 Jul 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CISA warns of hackers exploiting SysAid vulnerabilities in attacks. CISA has warned that attackers are actively exploiting two unauthenticated XML External Entity (XXE) vulnerabilities in SysAid ITSM software (CVE-2025-2775 and CVE-2025-2776) to hijack administrator accounts. htt

    @dCypherIO

    24 Jul 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CISA has warned that attackers are actively exploiting two security vulnerabilities in the SysAid IT service management (ITSM) software to hijack administrator accounts. Tracked as CVE-2025-2775 and CVE-2025-2776, the flaws were patched in March. https://t.co/j2j7DVwoB0 https://t.co/HUK4bC

    @riskigy

    24 Jul 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. ⚠️⚠️ CVE-2025-2775 (CVSS 9.3) and CVE-2025-2776 (CVSS 9.3) SysAid Flaws Under Active Attack Enable Remote File Access and SSRF 🔥PoC: https://t.co/vvk5oQoWai 🎯1.7k+ Results are found on the https://t.co/pb16tGYaKe nearly year 🔗FOFA Link: https://t.co/bNV7z6glrB FO

    @fofabot

    24 Jul 2025

    1311 Impressions

    2 Retweets

    22 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨🚨 SysAid PreAuth RCE Chain (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777) Hackers can exploit these vulns to inject malicious XML entities, triggering Server-Side Request Forgery (SSRF) attacks on SysAid Help Desk Software. 🔥PoC: https://t.co/kNyOnjGWC4 ZoomEye https

    @zoomeye_team

    24 Jul 2025

    946 Impressions

    5 Retweets

    10 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨🚨 SysAid PreAuth RCE Chain (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777) Hackers can exploit these vulns to inject malicious XML entities, triggering Server-Side Request Forgery (SSRF) attacks on SysAid Help Desk Software. 🔥PoC: https://t.co/kNyOnjGWC4 ZoomEye https

    @zoomeye_team

    24 Jul 2025

    123 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 【SysAid XXE vulnerabilities being exploited】The US CISA has added the SysAid vulnerabilities CVE-2025-2775 and CVE-2025-2776 to its KEV catalog as being exploited in attacks. Attackers take over administrator accounts and steal local files containing sensitive information

    @MachinaRecord

    24 Jul 2025

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨Alert🚨: CVE-2025-2775 & CVE-2025-2776 & CVE-2025-2777: Three Unauthenticated XML External Entity (XXE) Vulnerabilities in SysAid On-Prem 🔥PoC: https://t.co/KidlD1ZfMm 🧐Deep Dive: https://t.co/6rCTA2H7Dx 📊6.3K+ Services are found on the https://t.co/ysWb28BTvF

    @HunterMapping

    24 Jul 2025

    3656 Impressions

    22 Retweets

    75 Likes

    28 Bookmarks

    0 Replies

    0 Quotes

  12. SysAid Zero-Day: CVE-2025-2775 and CVE-2025-2776 Exploited in the Wild #CISA #SysAid #CyberSecurity #CVE20252775 #CVE20252776 #SSRF #Infosec #VulnerabilityAlert #PatchNow #ZeroDay #DataSecurity https://t.co/d1Zv0bO8Nu

    @cyashadotcom

    23 Jul 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Security Alert: CISA warns of hackers exploiting SysAid vulnerabilities (CVE-2025-2775, CVE-2025-2776) to hijack admin accounts, reported July 23, 2025. Threat: Unauthenticated XXE flaws enable file access and potential code execution, risking logistics breaches. Action: Patch

    @tony3266

    23 Jul 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2025-2775 and CVE-2025-2776 in SysAid ITSM are under active attack. These pre-auth XXE flaws enable admin takeover, file access, and SSRF, with potential RCE. CISA added both to KEV. Patch to SysAid 24.4.60+ now and check systems for compromise. https://t.co/dlDs1qMFeW

    @CloneSystemsInc

    23 Jul 2025

    30 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-2776 #SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability https://t.co/PzJjqkxLOe

    @ScyScan

    22 Jul 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🚨 CVE-2025-2776 - critical 🚨 SysAid On-Prem <= 23.3.40 - XML External Entity > SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External ... 👾 https://t.co/ygOG7xaEk0 @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    10 May 2025

    122 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 【Link collection: security news/articles for May 7–8】<Vulnerabilities> ・Microsoft announces that the April update caused authentication problems on Windows Server https://t.co/u0O5Pz35EM ・SysAid, in its on-premises version, four

    @MachinaRecord

    8 May 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. [CVE-2025-2776: CRITICAL] SysAid On-Prem versions <= 23.3.40 exposed to XXE vulnerability in Server URL processing allows admin account takeover & file read primitives. #CyberSecurity #cve, CVE-2025-2776, #cybersecurity https://t.co/Tyq0I5JniP https://t.co/FYKJYGxWMg

    @CveFindCom

    7 May 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. We are sharing SysAid instances likely vulnerable to CVE-2025-2775, CVE-2025-2776, CVE-2025-2777 (XXEs), any of which, combined with CVE-2025-2778, allows for RCE. 77 IPs found unpatched so far (version check). Install updates from SysAid (from March!) https://t.co/SNVkIeSfF3 h

    @Shadowserver

    7 May 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  20. [SysAid fixes four critical vulnerabilities that enable RCE] SysAid has released an update for the on-premise version of its software that eliminates four critical vulnerabilities at once — CVE-2025-2775, CVE-2025-2776, CVE-2025-2777 and CVE-2025-2778. Vulnerabilities allowe

    @NGT_Cybercrime

    7 May 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 📌 SysAid has fixed four critical vulnerabilities in the on-premises version of its IT support software that allow unauthenticated remote code execution with elevated privileges. The

    @Cybercachear

    7 May 2025

    42 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations