TROYANOSYVIRUS

CVE-2025-2776

CRITICAL | CISA KEV
9.3

Description

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.

CVE Details

CVSS v3.1 score: 9.3
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 5/7/2025
Last modified: 10/27/2025
Source: kev
Honeypot sightings: 0

CISA KEV

Vendor: SysAid
Product: SysAid On-Prem
Vulnerability name: SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
KEV date added: 2025-07-22
Remediation due date: 2025-08-12
Ransomware use: Unknown

Affected products

sysaid:sysaid

Weaknesses (CWE)

CWE-611

IOC correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.