CVE-2025-2777

Critical CVSS: 9.3

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.

Vendor

Sysaid

Product

Sysaid

CWE

CWE-611

Yayın Tarihi

2025-05-07 15:15:57

Güncelleme

2025-06-27 14:35:46

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-611 Sysaid CRITICAL Sysaid 2025

Referanslar

https://documentation.sysaid.com/docs/24-40-60 https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/ https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/