CVE-2025-2775 Information

Description

SysAid On-Prem versions <= 23.3.40 contain an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing administrator account takeover and file read primitives.

Reference

https://documentation.sysaid.com/docs/24-40-60
https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/
