CVE-2025-2776 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

SysAid On-Prem versions
Critical KEV CVSS: 9.3

CVE-2025-2776

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
Vendor
Sysaid
Product
Sysaid
CWE
CWE-611
Yayın Tarihi
2025-05-07 15:15:57
Güncelleme
2025-10-27 16:58:51
Source Identifier
disclosure@vulncheck.com
KEV Date Added
2025-07-22

Kategoriler

CWE-611 Sysaid CRITICAL Sysaid 2025

Referanslar

https://documentation.sysaid.com/docs/24-40-60 https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2776