CISA warns of active exploitation of two severe vulnerabilities, CVE-2025-2775 and CVE-2025-2776, in SysAid ITSM software; successful exploitation risks hijacking of administrator accounts. Organizations are urged to patch these flaws promptly to prevent data breaches and unauthorized access.
Key points
- Two critical XML External Entity (XXE) vulnerabilities in SysAid were reported and subsequently patched in March 2025.
- The flaws are easy to exploit and allow an attacker to read sensitive local files on vulnerable systems.
- CISA has added both vulnerabilities to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch by August 12, 2025.
- Although no evidence links these flaws to ransomware attacks, previous vulnerabilities in the product have been exploited by financially motivated groups such as FIN11.
- Over 5,000 organizations worldwide use SysAid, and many instances are exposed to the internet, which makes applying the updates urgent.
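The XXE issue in the key points above, as an added defensive example (this is not code from the advisory, CISA or SysAid): a two-layer guard for untrusted XML input written against Python's standard library, with constructed sample tickets. The first layer rejects any document that carries a DOCTYPE or declares an external (SYSTEM/PUBLIC) entity, which ordinary business XML never needs; the second parses with `xml.sax` external entity resolution switched off, so an external entity that somehow reached the parser is skipped rather than read from disk. The element names, the `file:///path/on/server` target in the sample and the helper names are assumptions made for illustration.

```python
import io
import re
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges, feature_external_pes

# Constructed sample tickets (assumed format; not taken from the advisory or from SysAid).
BENIGN_TICKET = (
    "<?xml version='1.0'?>"
    "<ticket><title>Printer on floor 3 is offline</title></ticket>"
)
# The classic XXE shape: a DOCTYPE declares an external entity, and element
# content references it, so an unhardened parser would read a local file.
XXE_TICKET = (
    "<?xml version='1.0'?>"
    "<!DOCTYPE ticket [<!ENTITY xxe SYSTEM 'file:///path/on/server'>]>"
    "<ticket><title>&xxe;</title></ticket>"
)

# Layer 1: a pre-parse check. A ticket never legitimately needs a DOCTYPE or
# an entity with a SYSTEM/PUBLIC identifier, so either is grounds to reject.
DOCTYPE_RE = re.compile(r"<!DOCTYPE\b", re.IGNORECASE)
EXTERNAL_ENTITY_RE = re.compile(
    r"<!ENTITY\s+%?\s*\S+\s+(?:SYSTEM|PUBLIC)\b", re.IGNORECASE
)


def is_suspicious_xml(xml_text: str) -> bool:
    """True if the input declares a DOCTYPE or an external (SYSTEM/PUBLIC) entity."""
    return bool(DOCTYPE_RE.search(xml_text) or EXTERNAL_ENTITY_RE.search(xml_text))


class _TitleCollector(ContentHandler):
    """SAX handler that collects the text of the <title> element."""

    def __init__(self):
        super().__init__()
        self._in_title = False
        self._chunks = []

    def startElement(self, name, attrs):
        if name == "title":
            self._in_title = True

    def endElement(self, name):
        if name == "title":
            self._in_title = False

    def characters(self, content):
        # characters() may be called several times per element; accumulate.
        if self._in_title:
            self._chunks.append(content)

    @property
    def title(self) -> str:
        return "".join(self._chunks)


def parse_with_hardened_parser(xml_text: str) -> str:
    """Layer 2: parse with external general and parameter entity resolution off.

    With resolution disabled, expat skips an external entity reference instead
    of expanding it, so the XXE sample yields an empty title rather than file
    contents.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, False)
    parser.setFeature(feature_external_pes, False)
    collector = _TitleCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_text.encode("utf-8")))
    return collector.title


def parse_ticket_title(xml_text: str) -> str:
    """Both layers: reject suspicious input outright, then parse hardened."""
    if is_suspicious_xml(xml_text):
        raise ValueError("rejected: DOCTYPE or external entity declaration in input")
    return parse_with_hardened_parser(xml_text)


def ticket_is_rejected(xml_text: str) -> bool:
    """Convenience wrapper: does the combined guard refuse this document?"""
    try:
        parse_ticket_title(xml_text)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(parse_ticket_title(BENIGN_TICKET))            # Printer on floor 3 is offline
    print(ticket_is_rejected(XXE_TICKET))               # True
    print(repr(parse_with_hardened_parser(XXE_TICKET)))  # '' (entity skipped, not read)
```

The pre-parse rejection is what you would log and alert on: a DOCTYPE in a ticket submission is a strong indicator of probing. The hardened parser is the safety net for any code path that parses without the check. Neither layer is a substitute for installing the vendor patch; they limit exposure while that happens and in similar XML-handling code elsewhere.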