CVE-2025-2776 - PatchNow

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-05-07

Added to CISA KEV: 2025-07-22 76 DAYS BETWEEN CVE AND KEV

CRITICAL: Immediately update SysAid On-Prem to version 23.3.41 or later
If immediate patching is not possible, temporarily restrict network access to SysAid instances or take them offline
Monitor for indicators of compromise including unauthorized administrator access and unusual file access patterns
Review logs for XML injection attempts in Server URL processing functionality
Implement network segmentation to limit exposure of SysAid instances

CVE Alert: CVE-2025-2776 – SysAid – SysAid On-Prem
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality,
CVE-2025-2776 : SysAid On-Prem versions - CVEdetails.com
CVE-2025-2776 : SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functiona
CVE-2025-2776 Analysis: Unpatched SysAid Vulnerability Puts Global ...
CVE-2025-2776 Analysis: Unpatched SysAid Vulnerability Puts Global Networks at Risk.Given its unauthenticated nature and exposure on internet-facing systems, this flaw is a prime target for both opportunistic attackers and advanced persistent threats (APTs).
SysOwned, Your Friendly Support Ticket - SysAid On-Premise Pre ...
It goes without saying - ITSMs are genuine, Internet-facing, treasure troves for your neighbourhood miscreants, red teams, and squirrels.
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CVE-2025-6558 Google Chromium ANGLE and GPU Improper Input Validation Vulnerability; CVE-2025-2776 SysAid On-Prem Improper Restriction of XML ...

🔴 CVE-2025-2776