CVE Watchtower

CVE-2025-2776NVD

Description

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.

Severity Level

CRITICAL (9.3)

Published Date

07/05/2025

Last Modified

23/07/2025

Exploitation Status

????

References

https://documentation.sysaid.com/docs/24-40-60
https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/