CVE-2025-2775
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
CVSS
—
Sin CVSS
EPSS
54.6%
p99
KEV
SÍ
22 jul 2025
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
SysAid / SysAid On-Prem
Vulnerabilidad
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
Añadido a KEV
22 jul 2025
Remediar antes de
12 ago 2025
Uso conocido en ransomware
No
Descripción resumida
SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
Acción requerida
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notas
https://documentation.sysaid.com/docs/24-40-60 ; https://nvd.nist.gov/vuln/detail/CVE-2025-2775