SysAid On-Prem vulnerabilities
3 known vulnerabilities affecting sysaid/sysaid_on-prem.
Total CVEs: 3
CISA KEV: 2 (actively exploited)
Public exploits: 3
Exploited in wild: 3
Severity breakdown: CRITICAL 2, HIGH 1
Vulnerabilities
CVE-2025-2776 | P1 | CRITICAL | CVSS 9.8 | CWE-611 | KEV | PoC | ≤ 23.3.40 | 2025-05-07
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
nvd
CVE-2025-2775 | P1 | HIGH | CVSS 7.5 | CWE-611 | KEV | PoC | ≤ 23.3.40 | 2025-05-07
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
nvd
CVE-2025-2777 | P1 | CRITICAL | CVSS 9.8 | CWE-611 | Exploited | PoC | ≤ 23.3.40 | 2025-05-07
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.
nvd