CVE-2025-2775

SysAid On-Prem <= 23.3.40 Checkin Proceessing XML External Entity Injection

Description

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.

INFO

Published Date :

2025-05-07T14:43:23.817Z

Last Modified :

2025-11-19T18:33:18.279Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2025-2775 vulnerability.

Vendors	Products
Sysaid	Sysaid Sysaid On-premises

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-2775.

URL	Resource
https://documentation.sysaid.com/docs/24-40-60
https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2775

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact