CVE-2025-2776

high-risk
Published 2025-05-07

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.

Do I need to act?

!
62.6% chance of exploitation in next 30 days
EPSS score — higher than 37% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.3/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Sysaid

References (3)

Release Notes https://documentation.sysaid.com/docs/24-40-60
Exploit https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-...
62
/ 100
high-risk
Severity 31/34 · Critical
Exploitability 26/34 · High
Exposure 5/34 · Minimal