CVE-2025-2775 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

SysAid On-Prem versions
Critical KEV CVSS: 9.3

CVE-2025-2775

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
Vendor
Sysaid
Product
Sysaid
CWE
CWE-611
Yayın Tarihi
2025-05-07 15:15:57
Güncelleme
2025-10-27 16:58:55
Source Identifier
disclosure@vulncheck.com
KEV Date Added
2025-07-22

Kategoriler

CWE-611 Sysaid CRITICAL Sysaid 2025

Referanslar

https://documentation.sysaid.com/docs/24-40-60 https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/ https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2775