CVE-2025-2776

Published: May 7, 2025
Updated: Jun 28, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-2776" target="_blank" rel="noopener"> CVE-2025-2776
Severity: Critical
Exploit:

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.