CVE-2025-2776

SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection

Basic Information

CVE State: PUBLISHED
Reserved Date: March 24, 2025
Published Date: May 07, 2025
Last Updated: November 19, 2025
Vendor: SysAid
Product: SysAid On-Prem
Description: SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
Tags

CVSS Scores

CVSS v3.1

9.3 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2026-06-01 10:37:22 UTC) Source

References

https://documentation.sysaid.com/docs/24-40-60 https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/

Known Exploited Vulnerability Information

Source	Added Date
CVE	2026-06-01 10:37:22 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-2776.yaml	2026-06-01 15:34:41 UTC

Timeline

CVE ID Reserved

March 24, 2025
CVE Published to Public

May 07, 2025
Added to KEVIntel

June 01, 2026
Detected by Nuclei

June 01, 2026