Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2025-2776

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.488
EPSS Ranking 97.7%
CVSS Severity
CVSS v3 Score 9.3
Proposed Action
SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
Ransomware Campaign
Unknown
Products affected by CVE-2025-2776
  • Sysaid » Sysaid » Version: N/A
    cpe:2.3:a:sysaid:sysaid:-
  • Sysaid » Sysaid » Version: 21.4.45
    cpe:2.3:a:sysaid:sysaid:21.4.45
  • Sysaid » Sysaid » Version: 22.1.64
    cpe:2.3:a:sysaid:sysaid:22.1.64
  • Sysaid » Sysaid » Version: 22.1.65
    cpe:2.3:a:sysaid:sysaid:22.1.65
  • Sysaid » Sysaid » Version: 22.3.35
    cpe:2.3:a:sysaid:sysaid:22.3.35
  • Sysaid » Sysaid » Version: 22.4.45
    cpe:2.3:a:sysaid:sysaid:22.4.45
  • Sysaid » Sysaid » Version: 23.2.14
    cpe:2.3:a:sysaid:sysaid:23.2.14
  • Sysaid » Sysaid » Version: 23.2.15
    cpe:2.3:a:sysaid:sysaid:23.2.15
  • Sysaid » Sysaid » Version: 23.3.34
    cpe:2.3:a:sysaid:sysaid:23.3.34
  • Sysaid » Sysaid » Version: 23.3.35
    cpe:2.3:a:sysaid:sysaid:23.3.35
  • Sysaid » Sysaid » Version: 23.3.36
    cpe:2.3:a:sysaid:sysaid:23.3.36
  • Sysaid » Sysaid » Version: 23.3.37
    cpe:2.3:a:sysaid:sysaid:23.3.37
  • Sysaid » Sysaid » Version: 23.3.40
    cpe:2.3:a:sysaid:sysaid:23.3.40


Products
Pricing
Contact Us

Shodan ® - All rights reserved