CVE Watchtower

CVE-2025-2775NVD

Description

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.

Severity Level

CRITICAL (9.3)

Published Date

07/05/2025

Last Modified

23/07/2025

Exploitation Status

????

References

https://documentation.sysaid.com/docs/24-40-60
https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/
https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/