CVE-2025-2775

SysAid On-Prem <= 23.3.40 Checkin Proceessing XML External Entity Injection

Basic Information

CVE State: PUBLISHED
Reserved Date: March 24, 2025
Published Date: May 07, 2025
Last Updated: November 19, 2025
Vendor: SysAid
Product: SysAid On-Prem
Description: SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
Tags

CVSS Scores

CVSS v3.1

9.3 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2026-06-01 10:37:22 UTC) Source

References

https://documentation.sysaid.com/docs/24-40-60 https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/

Known Exploited Vulnerability Information

Source	Added Date
CVE	2026-06-01 10:37:22 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-2775.yaml	2026-06-01 15:34:41 UTC

Timeline

CVE ID Reserved

March 24, 2025
CVE Published to Public

May 07, 2025
Added to KEVIntel

June 01, 2026
Detected by Nuclei

June 01, 2026