Security News > 2025 > May > SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version
2025-05-07 11:31

Cybersecurity researchers have disclosed multiple security flaw in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges. The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, have all been described as XML External Entity (XXE) injections, which occur when an attacker is


News URL

https://thehackernews.com/2025/05/sysaid-patches-4-critical-flaws.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2025-05-07 CVE-2025-2777 SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.
0.0
0.0
2025-05-07 CVE-2025-2776 SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
0.0
0.0
2025-05-07 CVE-2025-2775 SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
0.0
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Sysaid 8 0 15 5 7 27