CVE-2025-2775 - PatchNow

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-05-07

Added to CISA KEV: 2025-07-22 76 DAYS BETWEEN CVE AND KEV

⚠️ CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity before patching
Immediately upgrade SysAid On-Prem to version > 23.3.40
If immediate patching not possible, remove internet exposure or implement strict network access controls
Monitor for suspicious XML processing requests and unauthorized administrator account activities
Conduct incident response investigation if running vulnerable versions with internet exposure

CVE-2025-2775 Detail - NVD
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality.
CVE-2025-2775 : SysAid On-Prem versions - CVEdetails.com
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality.
CISA Adds Four Known Exploited Vulnerabilities to Catalog
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
SysAid — Latest News, Reports & Analysis |
... vulnerabilities in question are listed below - CVE-2025-2775 ... Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775
CVE-2025-2775 | Arctic Wolf
Given the low barrier to exploitation and the public availability of a PoC exploit, this vulnerability presents an attractive target for threat actors. In 2023, ...

🔴 CVE-2025-2775