17 matches found
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-54309 CrushFTP Unprotected Alternate Channel Vulnerability; CVE-2025-6558 Google Chromium ANGLE and GPU Improper Input...
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives...
VulnCheck KEV: CVE-2025-2775
SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives...
VulnCheck KEV: CVE-2025-2777
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives...
VulnCheck KEV: CVE-2025-2776
SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives...
CVE-2025-2776
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives...
CVE-2025-2777
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives...
CVE-2025-2775
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives...
CVE-2025-2777
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives...
CVE-2025-2777 SysAid On-Prem <= 23.3.40 lshw Processing XML External Entity Injection
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives...
CVE-2025-2777
Summary: CVE-2025-2777 affects SysAid On-Prem versions ≤ 23.3.40, with an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing endpoint. This can enable administrator account takeover and arbitrary file read primitives, per multiple sources in the connected documents. Wh...
CVE-2025-2776 SysAid On-Prem <= 23.3.40 serverurl Processing XML External Entity Injection
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives...
SysAid On-Prem Security Vulnerability
SysAid On-Prem is a locally deployed IT Service Management (ITSM) platform from SysAid Israel. A security vulnerability exists in SysAid On-Prem versions 23.3.40 and earlier, which stems from an unvalidated XML external entity vulnerability in the Server URL handling feature that could lead to...
SysAid On-Prem Security Vulnerability
SysAid On-Prem is a locally deployed IT Service Management (ITSM) platform from SysAid Israel. A security vulnerability exists in SysAid On-Prem versions 23.3.40 and earlier, which stems from an unvalidated XML external entity vulnerability in the Checkin processing function that could lead to...
PT-2025-20134
Name of the Vulnerable Software and Affected Versions: SysAid On-Prem versions 23.3.40 and earlier. Description: SysAid On-Prem is affected by an unauthenticated XML External Entity (XXE) issue in the Server URL processing functionality. This allows for administrator account takeover and file read...
PT-2025-20233
Name of the Vulnerable Software and Affected Versions: SysAid On-Prem versions 23.3.40 and earlier. Description: SysAid On-Prem software is affected by an unauthenticated XML External Entity (XXE) issue in the lshw processing functionality. Exploitation of this issue may allow a remote attacker to tak...
PT-2025-20068
Name of the Vulnerable Software and Affected Versions: SysAid On-Prem versions 23.3.40 and earlier. Description: SysAid On-Prem is affected by an unauthenticated XML External Entity (XXE) issue in the Checkin processing functionality. This allows for administrator account takeover and file read...