CVE-2025-2776

SysAid On-Prem <= 23.3.40 serverurl Processing XML External Entity Injection

CVSS 9.3 CRITICAL · EPSS 73.0% · KEV · CWE-611
In short

SysAid On-Prem versions up to 23.3.40 contain a flaw in their XML processing that an attacker can exploit without logging in, either to take over administrator accounts or to read sensitive files from the server.

Technical detail

An unauthenticated XML External Entity (XXE) vulnerability (CWE-611) exists in the serverurl processing functionality, allowing attackers to inject malicious XML entities. It can be leveraged for arbitrary file disclosure and for privilege escalation through administrator account compromise; no authentication is required.

Summary generated and translated by AI from the official description.
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Affected products
SysAid · SysAid On-Prem