CVE-2025-2777

Published: May 7, 2025
Updated: Jun 28, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-2777" target="_blank" rel="noopener"> CVE-2025-2777
Severity: Critical
Exploit:

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.