CVE-2025-2775

CRITICAL KEV NUCLEI

SysAid On-Prem <= 23.3.40 - XML External Entity

Title source: nuclei

Description

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.

Exploits (3)

github · WORKING POC · 40 stars
by iSee857 · python, poc
https://github.com/iSee857/CVE-PoC/tree/main/SysAidOn-Prem-CVE-2025-2775-XmlExternalEntity.py

nomisec · WORKING POC · 12 stars
by watchtowrlabs · remote
https://github.com/watchtowrlabs/watchTowr-vs-SysAid-PreAuth-RCE-Chain

github · WRITEUP · 7 stars
by cybersecplayground · poc
https://github.com/cybersecplayground/PoC-and-CVE-Reports/tree/main/2025/CVE-2025-2775_CVE-2025-2776_CVE-2025-2777.md

Nuclei Templates (1)

SysAid On-Prem <= 23.3.40 - XML External Entity
CRITICAL · by johnk3r
Shodan: http.favicon.hash:"1540720428"
FOFA: icon_hash=1540720428

Scores

CVSS v3 9.3
EPSS 0.6926
EPSS Percentile 98.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Details

CISA KEV 2025-07-22
VulnCheck KEV 2025-05-19
ENISA EUVD EUVD-2025-13878
CWE
CWE-611
Status published
Products (1)
sysaid/sysaid < 23.3.40
Published May 07, 2025
KEV Added Jul 22, 2025
Tracked Since Feb 18, 2026