🔴 CVE-2025-2775

SysAid On-Prem is vulnerable to an unauthenticated XML External Entity (XXE) vulnerability allowing administrator account takeover and file read primitives. This is a server-side application typically deployed with internet-facing interfaces for IT support services.

โ† Back to Overview
Risk Level: HIGH_RISK

CVSS Score: 9.3

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 - Exploit Public-Facing Application

Deployment Risk: HIGH

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-05-07

Added to CISA KEV: 2025-07-22 (76 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2025-09-06)

Here's what is known about the CVE-2025-2775 vulnerability:

  • Affected Applications/Services:
    * CVE-2025-2775 affects SysAid On-Prem versions equal to or less than 23.3.40 [1][2].
    * It is an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality [1][2].
    * This vulnerability affects internet-facing applications [3].
  • Active Exploitation:
    * There is evidence of active exploitation of this vulnerability [3][4].
    * CISA has added CVE-2025-2775 to its Known Exploited Vulnerabilities Catalog (KEV) [3].
  • Attack Vectors and Exploitation Methods:
    * The vulnerability can be exploited by a remote, unauthenticated threat actor [5].
    * Exploitation involves sending specially crafted HTTP POST requests [5].
    * Successful exploitation can lead to pre-authenticated Remote Code Execution (RCE) [6][7].
  • Targeted Attacks:
    * While not explicitly stated, the low barrier to exploitation and the availability of a Proof of Concept (PoC) exploit make it an attractive target for malicious actors [5].
    * Such vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks [3].
  • CISA KEV Status:
    * CISA has added CVE-2025-2775 to its Known Exploited Vulnerabilities Catalog [3].
  • Technical Details/Internet Exploitability:
    * The vulnerability is an unauthenticated XML External Entity (XXE) vulnerability [1][2].
    * It is exploited by sending specially crafted HTTP POST requests [5].
    * A Proof of Concept (PoC) exploit is publicly available, increasing the likelihood of exploitation [5][6].

Sources

  1. CVE-2025-2775 Detail - NVD

    SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality.

  2. CVE-2025-2775 : SysAid On-Prem versions - CVEdetails.com

    SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality.

  3. CISA Adds Four Known Exploited Vulnerabilities to Catalog

    These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

  4. SysAid - Latest News, Reports & Analysis |

    ... vulnerabilities in question are listed below - CVE-2025-2775 ... Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775...

  5. CVE-2025-2775 | Arctic Wolf

    Given the low barrier to exploitation and the public availability of a PoC exploit, this vulnerability presents an attractive target for threat actors. In 2023, ...