Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2025-2777

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.131
EPSS Ranking 93.8%
CVSS Severity
CVSS v3 Score 9.3
Products affected by CVE-2025-2777
  • Sysaid » Sysaid » Version: N/A
    cpe:2.3:a:sysaid:sysaid:-
  • Sysaid » Sysaid » Version: 21.4.45
    cpe:2.3:a:sysaid:sysaid:21.4.45
  • Sysaid » Sysaid » Version: 22.1.64
    cpe:2.3:a:sysaid:sysaid:22.1.64
  • Sysaid » Sysaid » Version: 22.1.65
    cpe:2.3:a:sysaid:sysaid:22.1.65
  • Sysaid » Sysaid » Version: 22.3.35
    cpe:2.3:a:sysaid:sysaid:22.3.35
  • Sysaid » Sysaid » Version: 22.4.45
    cpe:2.3:a:sysaid:sysaid:22.4.45
  • Sysaid » Sysaid » Version: 23.2.14
    cpe:2.3:a:sysaid:sysaid:23.2.14
  • Sysaid » Sysaid » Version: 23.2.15
    cpe:2.3:a:sysaid:sysaid:23.2.15
  • Sysaid » Sysaid » Version: 23.3.34
    cpe:2.3:a:sysaid:sysaid:23.3.34
  • Sysaid » Sysaid » Version: 23.3.35
    cpe:2.3:a:sysaid:sysaid:23.3.35
  • Sysaid » Sysaid » Version: 23.3.36
    cpe:2.3:a:sysaid:sysaid:23.3.36
  • Sysaid » Sysaid » Version: 23.3.37
    cpe:2.3:a:sysaid:sysaid:23.3.37
  • Sysaid » Sysaid » Version: 23.3.40
    cpe:2.3:a:sysaid:sysaid:23.3.40


Products
Pricing
Contact Us

Shodan ® - All rights reserved