CVE-2025-2775

high-risk
Published 2025-05-07

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.

Do I need to act?

!
69.8% chance of exploitation in next 30 days
EPSS score — higher than 30% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.3/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Sysaid

References (4)

Release Notes https://documentation.sysaid.com/docs/24-40-60
Exploit https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/
Exploit https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-...
62
/ 100
high-risk
Severity 31/34 · Critical
Exploitability 26/34 · High
Exposure 5/34 · Minimal