Security News > 2025 > May > SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version
2025-05-07 11:31

Cybersecurity researchers have disclosed multiple security flaw in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges. The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, have all been described as XML External Entity (XXE) injections, which occur when an attacker is


News URL

https://thehackernews.com/2025/05/sysaid-patches-4-critical-flaws.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Sysaid 8 0 15 5 7 27