- Description
- SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.
- Source
- disclosure@vulncheck.com
- NVD status
- Analyzed
- Products
- sysaid
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- disclosure@vulncheck.com
- CWE-611
- Hype score
- Not currently trending
WatchTwer Labs has released a #PoC for SysAid Pre-auth #RCE Chain (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777, CVE-2025-2778) Git: https://t.co/3Ba0IsltpP Article: https://t.co/dMvVYzRCSF #Vulnerability #CVE #Exploited #KEV https://t.co/fgDPUz5LvW
@darkwebsonar
24 Oct 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨PoC for SysAid PreAuth RCE Chain (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777, CVE-2025-2778) GitHub: https://t.co/xo9LOlbjJ7 Write-up: https://t.co/CtKxhWsDYg https://t.co/MzCyvAIiWP
@DarkWebInformer
23 Oct 2025
12458 Impressions
49 Retweets
181 Likes
93 Bookmarks
3 Replies
1 Quote
🚨🚨 SysAid PreAuth RCE Chain (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777) Hackers can exploit these vulns to inject malicious XML entities, triggering Server-Side Request Forgery (SSRF) attacks on SysAid Help Desk Software. 🔥PoC: https://t.co/kNyOnjGWC4 ZoomEye https
@zoomeye_team
24 Jul 2025
946 Impressions
5 Retweets
10 Likes
8 Bookmarks
0 Replies
0 Quotes
🚨🚨 SysAid PreAuth RCE Chain (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777) Hackers can exploit these vulns to inject malicious XML entities, triggering Server-Side Request Forgery (SSRF) attacks on SysAid Help Desk Software. 🔥PoC: https://t.co/kNyOnjGWC4 ZoomEye https
@zoomeye_team
24 Jul 2025
123 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 :CVE-2025-2775&CVE-2025-2776&CVE-2025-2777 : Three Unauthenticated XML External Entity (XXE) Vulnerabilities in SysAid On-Prem 🔥PoC :https://t.co/KidlD1ZfMm 🧐Deep Dive :https://t.co/6rCTA2H7Dx 📊6.3K+ Services are found on the https://t.co/ysWb28BTvF
@HunterMapping
24 Jul 2025
3656 Impressions
22 Retweets
75 Likes
28 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-2777 - critical 🚨 SysAid On-Prem <= 23.3.40 - XML External Entity > SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External ... 👾 https://t.co/5JzXdspRQR @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
10 May 2025
299 Impressions
1 Retweet
7 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-2777 ⚠️🔴 CRITICAL (9.3) 🏢 SysAid - SysAid On-Prem 🏗️ 0 🔗 https://t.co/MXeJQatEux 🔗 https://t.co/MGBgbjIodd #CyberCron #VulnAlert #InfoSec https://t.co/tOD1bQRfOt
@cybercronai
9 May 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2777 SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for admi… https://t.co/mylBOkrcCV
@CVEnew
7 May 2025
154 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-2777: CRITICAL] SysAid On-Prem version <= 23.3.40 has an unauthenticated XXE vulnerability in lshw processing, enabling admin account takeover and file access. #cybersecurity#cve,CVE-2025-2777,#cybersecurity https://t.co/I3UH1gKtcM https://t.co/9kbnomuhTY
@CveFindCom
7 May 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We are sharing SysAid instances likely vulnerable to CVE-2025-2775, CVE-2025-2776, CVE-2025-2777 (XXEs) any of which combined with CVE-2025-2778 allows for RCE. 77 IPs found unpatched so far (version check). Install updates from SysAid (from March!) https://t.co/SNVkIeSfF3 h
@Shadowserver
7 May 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[SysAid fixes four critical vulnerabilities that enable RCE] SysAid has released an update for the on-premise version of its software that eliminates four critical vulnerabilities at once — CVE-2025-2775, CVE-2025-2776, CVE-2025-2777 and CVE-2025-2778. Vulnerabilities allowe
@NGT_Cybercrime
7 May 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 قامت SysAid بإصلاح أربع ثغرات حرجة في إصدارها المحلي من برنامج دعم تكنولوجيا المعلومات، تسمح بتنفيذ تعليمات برمجية عن بُعد دون مصادقة، مع حقوق مرتفعة. ال
@Cybercachear
7 May 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sysaid:sysaid:*:*:*:*:on-premises:*:*:*",
"matchCriteriaId": "9F967FFC-8AE4-4215-B2F5-333870F75899",
"versionEndIncluding": "23.3.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]