DEV Community

Cover image for CVE-2025-2775: SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
Freedom Coder
Freedom Coder

Posted on • Originally published at scyscan.com

CVE-2025-2775: SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability

#sysaid #sysaidonprem #cybersecurity #vulnerability

CVE ID

CVE-2025-2775

Vulnerability Name

SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability

  • Project: SysAid
  • Product: SysAid On-Prem

Date

  • Date Added: 2025-07-22
  • Due Date: 2025-08-12

Description

SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://documentation.sysaid.com/docs/24-40-60 ; https://nvd.nist.gov/vuln/detail/CVE-2025-2775

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List

Top comments (0)