Jake Knott of watchTowr (@watchTowrcyber) - Security Researcher

CVE-2025-2776 GITHUB CRITICAL python WORKING POC

SysAid On-Prem <= 23.3.40 - XML External Entity

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.

12 stars

CVSS 9.3

View Code

CVE-2025-2777 GITHUB CRITICAL python WORKING POC

SysAid On-Prem <= 23.3.40 - XML External Entity

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.

12 stars

CVSS 9.3

View Code

CVE-2025-2778 GITHUB python WORKING POC

Rejected

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

12 stars

View Code