CVE-2025-2777 Information

May 08, 2025 cve

Description

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality allowing for administrator account takeover and file read primitives.

Reference

https://documentation.sysaid.com/docs/24-40-60 https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/ https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/

Share on: