CVE-2025-2776

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.

CVSS v3 9.3 CRITICAL

9.3^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://documentation.sysaid.com/docs/24-40-60	Release Notes
https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/	Exploit Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2776

Configurations

Configuration 1 (hide)

cpe:2.3:a:sysaid:sysaid:*:*:*:*:on-premises:*:*:*

History

21 Oct 2025, 23:16

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2776 -

21 Oct 2025, 20:20

Type	Values Removed	Values Added
References	~~{'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2776', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}~~

21 Oct 2025, 19:21

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2776 -

27 Jun 2025, 15:22

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-07 15:15

Updated : 2025-10-21 23:16

NVD link : CVE-2025-2776

Mitre link : CVE-2025-2776

CVE.ORG link : CVE-2025-2776

JSON object : View

Products Affected

sysaid

sysaid

CWE

CWE-611

Improper Restriction of XML External Entity Reference

{"id": "CVE-2025-2776", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-05-07T15:15:57.573", "references": [{"url": "https://documentation.sysaid.com/docs/24-40-60", "tags": ["Release Notes"], "source": "disclosure@vulncheck.com"}, {"url": "https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/", "tags": ["Exploit", "Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2776", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives."}, {"lang": "es", "value": "Las versiones de SysAid On-Prem <= 23.3.40 son afectados por una vulnerabilidad de entidad externa XML no autenticada (XXE) en la funcionalidad de procesamiento de URL del servidor, lo que permite la toma de control de la cuenta del administrador y primitivas de lectura de archivos."}], "lastModified": "2025-10-21T23:16:55.670", "cisaActionDue": "2025-08-12", "cisaExploitAdd": "2025-07-22", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sysaid:sysaid:*:*:*:*:on-premises:*:*:*", "vulnerable": true, "matchCriteriaId": "9F967FFC-8AE4-4215-B2F5-333870F75899", "versionEndIncluding": "23.3.40"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com", "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability"}