Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2025-2775

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.559
EPSS Ranking 98.0%
CVSS Severity
CVSS v3 Score 9.3
Proposed Action
SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
Ransomware Campaign
Unknown
Products affected by CVE-2025-2775
  • Sysaid » Sysaid » Version: N/A
    cpe:2.3:a:sysaid:sysaid:-
  • Sysaid » Sysaid » Version: 21.4.45
    cpe:2.3:a:sysaid:sysaid:21.4.45
  • Sysaid » Sysaid » Version: 22.1.64
    cpe:2.3:a:sysaid:sysaid:22.1.64
  • Sysaid » Sysaid » Version: 22.1.65
    cpe:2.3:a:sysaid:sysaid:22.1.65
  • Sysaid » Sysaid » Version: 22.3.35
    cpe:2.3:a:sysaid:sysaid:22.3.35
  • Sysaid » Sysaid » Version: 22.4.45
    cpe:2.3:a:sysaid:sysaid:22.4.45
  • Sysaid » Sysaid » Version: 23.2.14
    cpe:2.3:a:sysaid:sysaid:23.2.14
  • Sysaid » Sysaid » Version: 23.2.15
    cpe:2.3:a:sysaid:sysaid:23.2.15
  • Sysaid » Sysaid » Version: 23.3.34
    cpe:2.3:a:sysaid:sysaid:23.3.34
  • Sysaid » Sysaid » Version: 23.3.35
    cpe:2.3:a:sysaid:sysaid:23.3.35
  • Sysaid » Sysaid » Version: 23.3.36
    cpe:2.3:a:sysaid:sysaid:23.3.36
  • Sysaid » Sysaid » Version: 23.3.37
    cpe:2.3:a:sysaid:sysaid:23.3.37
  • Sysaid » Sysaid » Version: 23.3.40
    cpe:2.3:a:sysaid:sysaid:23.3.40


Products
Pricing
Contact Us

Shodan ® - All rights reserved