CVE-2025-2778
AI description
CVE-2025-2778 is a command injection vulnerability that affects SysAid On-Premise IT Support Software. It exists in version 23.3.40 and prior. Successful exploitation could allow a remote attacker to execute arbitrary commands on the affected system. The vulnerability allows attackers to execute arbitrary commands on the host operating system. This can be combined with XXE vulnerabilities to achieve remote code execution. SysAid has released security updates to address this vulnerability.
- Description
- -
- Hype score
- Not currently trending
WatchTwer Labs has released a #PoC for SysAid Pre-auth #RCE Chain (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777, CVE-2025-2778) Git: https://t.co/3Ba0IsltpP Article: https://t.co/dMvVYzRCSF #Vulnerability #CVE #Exploited #KEV https://t.co/fgDPUz5LvW
@darkwebsonar
24 Oct 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨PoC for SysAid PreAuth RCE Chain (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777, CVE-2025-2778) GitHub: https://t.co/xo9LOlbjJ7 Write-up: https://t.co/CtKxhWsDYg https://t.co/MzCyvAIiWP
@DarkWebInformer
23 Oct 2025
12458 Impressions
49 Retweets
181 Likes
93 Bookmarks
3 Replies
1 Quote
We are sharing SysAid instances likely vulnerable to CVE-2025-2775, CVE-2025-2776, CVE-2025-2777 (XXEs) any of which combined with CVE-2025-2778 allows for RCE. 77 IPs found unpatched so far (version check). Install updates from SysAid (from March!) https://t.co/SNVkIeSfF3 h
@Shadowserver
7 May 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[SysAid fixes four critical vulnerabilities that enable RCE] SysAid has released an update for the on-premise version of its software that eliminates four critical vulnerabilities at once — CVE-2025-2775, CVE-2025-2776, CVE-2025-2777 and CVE-2025-2778. Vulnerabilities allowe
@NGT_Cybercrime
7 May 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes