CVE-2025-2775

🗓️ 07 May 2025 14:43:23Reported by VulnCheckType

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 155 Views

SysAid On-Prem versions <= 23.3.40 vulnerable to unauthenticated XML External Entity issue.

Reporter	Title	Published	Views	Family All 17
Circl	CVE-2025-2775	7 May 202509:31	–	circl
CISA KEV Catalog	SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability	22 Jul 202500:00	–	cisa_kev
CISA	CISA Adds Four Known Exploited Vulnerabilities to Catalog	22 Jul 202512:00	–	cisa
CNNVD	SysAid On-Prem 安全漏洞	7 May 202500:00	–	cnnvd
Cvelist	CVE-2025-2775 SysAid On-Prem <= 23.3.40 Checkin Proceessing XML External Entity Injection	7 May 202514:43	–	cvelist
NCSC	Vulnerabilities fixed in SysAid On-Prem	8 May 202506:56	–	ncsc
Nuclei	SysAid On-Prem <= 23.3.40 - XML External Entity	2 Jun 202610:14	–	nuclei
NVD	CVE-2025-2775	7 May 202515:15	–	nvd
OSV	CVE-2025-2775	7 May 202515:15	–	osv
Positive Technologies	PT-2025-20068	20 Dec 202400:00	–	ptsecurity

NVD

Vulners

CNA

Node

sysaid sysaidRange≤23.3.40on-premises

[
  {
    "defaultStatus": "affected",
    "modules": [
      "Checkin"
    ],
    "product": "SysAid On-Prem",
    "vendor": "SysAid",
    "versions": [
      {
        "lessThanOrEqual": "23.3.40",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
labs	www.labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/
documentation	www.documentation.sysaid.com/docs/24-40-60
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog