cve-2025-2776
Vulnerability from cvelistv5
Published
2025-05-07 14:50
Modified
2025-05-08 03:56
Severity ?
EPSS score ?
Summary
SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection
References
| ▼ | URL | Tags | |
|---|---|---|---|
| disclosure@vulncheck.com | https://documentation.sysaid.com/docs/24-40-60 | Release Notes | |
| disclosure@vulncheck.com | https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/ | Exploit, Third Party Advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| SysAid | SysAid On-Prem |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2776",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T03:56:10.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"serverurl"
],
"product": "SysAid On-Prem",
"vendor": "SysAid",
"versions": [
{
"lessThanOrEqual": "23.3.40",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sina Kheirkhah (@SinSinology)"
},
{
"lang": "en",
"type": "finder",
"value": "Jake Knott"
},
{
"lang": "en",
"type": "sponsor",
"value": "watchTowr"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eSysAid On-Prem versions \u0026lt;= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.\u003c/div\u003e"
}
],
"value": "SysAid On-Prem versions \u003c= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives."
}
],
"impacts": [
{
"capecId": "CAPEC-250",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-250 XML Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T14:50:40.717Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://documentation.sysaid.com/docs/24-40-60"
},
{
"tags": [
"exploit"
],
"url": "https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SysAid On-Prem \u003c= 23.3.40 serverurl Proceessing XML External Entity Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-2776",
"datePublished": "2025-05-07T14:50:40.717Z",
"dateReserved": "2025-03-24T21:52:44.166Z",
"dateUpdated": "2025-05-08T03:56:10.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-2776\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2025-05-07T15:15:57.573\",\"lastModified\":\"2025-06-27T15:22:41.477\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SysAid On-Prem versions \u003c= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.\"},{\"lang\":\"es\",\"value\":\"Las versiones de SysAid On-Prem \u0026lt;= 23.3.40 son afectados por una vulnerabilidad de entidad externa XML no autenticada (XXE) en la funcionalidad de procesamiento de URL del servidor, lo que permite la toma de control de la cuenta del administrador y primitivas de lectura de archivos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sysaid:sysaid:*:*:*:*:on-premises:*:*:*\",\"versionEndIncluding\":\"23.3.40\",\"matchCriteriaId\":\"9F967FFC-8AE4-4215-B2F5-333870F75899\"}]}]}],\"references\":[{\"url\":\"https://documentation.sysaid.com/docs/24-40-60\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.