SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

Security researchers have disclosed multiple XML External Entity (XXE) injection vulnerabilities in the on-premise version of the SysAid IT support software. The affected endpoints can be reached without authentication, so an attacker can use the flaws to read local files and, chained with a command injection bug, achieve remote code execution. SysAid fixed the issues in version 24.4.60 b16, released in March 2025; on-premise customers who have not yet updated should do so. (Affected: SysAid on-premise installations)

Key points:

  • Three XXE injection vulnerabilities (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777) affect SysAid’s on-premise version; because they sit in pre-authentication endpoints, an unauthenticated attacker can use them as the entry point for remote code execution.
  • Exploitation takes a single specially crafted HTTP POST request to a vulnerable endpoint: the XXE payload makes the server’s XML parser resolve an attacker-supplied external entity, which discloses local files and, when chained with the command injection flaw, leads to remote code execution.
  • Among the files an attacker can read this way is “InitAccount.cmd”, which stores the administrator account credentials.
  • Chaining the file read with a separate OS command injection vulnerability (CVE-2025-2778) gives the attacker full remote control of the system.
  • SysAid addressed all four vulnerabilities in version 24.4.60 b16, released in March 2025.
  • A proof-of-concept exploit chaining the vulnerabilities is publicly available, so unpatched on-premise instances should be treated as exposed and updated without delay.
  • An earlier SysAid on-premise flaw (CVE-2023-47246) was exploited as a zero-day in ransomware attacks, a reminder that this product is actively targeted and that patches need to be applied promptly.
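To make the mechanism behind the key points concrete, here is an added example (not SysAid’s code and not the researchers’ proof of concept) of how an unauthenticated XML endpoint leaks a local file when its parser resolves external entities, shown beside two mitigations. It uses Python’s standard xml.sax/expat parser; the endpoint and element names, the temporary file path and the file contents are all constructed for the demo, and the file:// URL assumes POSIX paths.

```python
"""XXE demo: vulnerable parser configuration beside two hardened ones.
Constructed example; endpoint/element names and file contents are hypothetical."""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges, property_lexical_handler


class TextCollector(ContentHandler):
    """Accumulates all character data the parser reports, entity content included."""

    def __init__(self):
        super().__init__()
        self._chunks = []

    def characters(self, content):
        self._chunks.append(content)

    def text(self):
        return "".join(self._chunks).strip()


class DtdRejector:
    """Lexical handler that refuses any DOCTYPE. Without a DTD there are no
    entity declarations, so XXE and entity-expansion payloads fail closed."""

    def startDTD(self, name, public_id, system_id):
        raise ValueError(f"DOCTYPE not allowed: root={name!r} system_id={system_id!r}")

    def endDTD(self): pass
    def comment(self, content): pass
    def startCDATA(self): pass
    def endCDATA(self): pass


def xxe_payload(target_path):
    """Body of the kind an attacker would POST: a DOCTYPE declaring an external
    entity that points at a local file, then a reference to it in the content."""
    return (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE checkin [\n"
        f'  <!ENTITY xxe SYSTEM "file://{target_path}">\n'
        "]>\n"
        "<checkin><deviceId>&xxe;</deviceId></checkin>\n"
    ).encode()


def _parse(body, *, external_entities, reject_dtd):
    handler = TextCollector()
    parser = xml.sax.make_parser()
    # feature_external_ges=True makes expat fetch SYSTEM entities: the vulnerable state.
    parser.setFeature(feature_external_ges, external_entities)
    if reject_dtd:
        parser.setProperty(property_lexical_handler, DtdRejector())
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(body))
    return handler.text()


def parse_vulnerable(body):
    """External entities resolved: the referenced file is read and echoed back."""
    return _parse(body, external_entities=True, reject_dtd=False)


def parse_entities_disabled(body):
    """Resolution off (Python's default since 3.7.1): the document still parses,
    but the entity expands to nothing, so no file content leaks."""
    return _parse(body, external_entities=False, reject_dtd=False)


def parse_hardened(body):
    """Resolution off and any DOCTYPE refused: the request is rejected outright."""
    return _parse(body, external_entities=False, reject_dtd=True)


def demo():
    """Runs the three parsers against a constructed stand-in for a credential
    file and returns what each one yields."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "InitAccount.cmd")
        with open(target, "w", encoding="ascii") as fh:
            fh.write("admin:Passw0rd!\n")  # constructed content, not the real file format
        body = xxe_payload(target)
        results = {
            "vulnerable": parse_vulnerable(body),
            "entities_disabled": parse_entities_disabled(body),
        }
        try:
            results["hardened"] = parse_hardened(body)
        except ValueError as exc:
            results["hardened"] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(f"{mode:18s} -> {outcome!r}")
```

The vulnerable parser returns the credential file’s contents inside the response, which is the file-read primitive the key points describe. Turning entity resolution off stops the leak but still accepts the request silently; refusing any DOCTYPE fails closed and is the setting to prefer on an endpoint that never legitimately needs a DTD. The same two controls exist in every mainstream XML stack (for example, disabling external entities and DOCTYPE declarations on a Java parser factory).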

Read More: https://thehackernews.com/2025/05/sysaid-patches-4-critical-flaws.html