PT-2025-20068 · Sysaid · Sysaid On-Premise

Author: Jake Knott (+2)
Published: 2024-12-20 · Updated: 2026-02-23
CVE-2025-2775 · CVSS v3.1 9.3 (Critical) · Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Name of the Vulnerable Software and Affected Versions: SysAid On-Prem versions 23.3.40 and earlier
Description: SysAid On-Prem is affected by an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, which allows administrator account takeover and file read. Multiple reports indicate that this issue, identified as CVE-2025-2775, can be chained with other flaws to achieve remote code execution (RCE). The root cause is improper restriction of XML external entity references when check-in requests are processed: the XML parser resolves external entities declared in attacker-supplied input. Exploitation involves submitting malicious XML payloads, potentially through the /api/v1/servicenow endpoint, which allows attackers to exfiltrate sensitive data. Several sources indicate the vulnerability is actively exploited.
Recommendations: Update SysAid On-Prem to version 24.4.60 b16 or later. As a temporary workaround, disable external entity resolution (XXE processing) in the XML parser. Monitor API logs for suspicious activity. Restrict access to the Checkin processing functionality.
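As an added example (not SysAid's code), the following gateway-style pre-filter shows what the "disable XXE processing" workaround amounts to when the application's own parser cannot be reconfigured: any check-in body carrying a DOCTYPE or ENTITY declaration is rejected before parsing, and the rejection reason is returned so it can be written to the API log that the recommendations say to monitor. The check-in element names and sample bodies are constructed for illustration.

```python
"""Screen inbound XML check-in bodies for external-entity constructs before parsing."""
import re
import xml.etree.ElementTree as ET
from typing import Dict, Optional

# A legitimate check-in payload never needs a DTD subset or an entity declaration,
# so any occurrence is rejected outright rather than parsed and "sanitised".
# Assumes ASCII/UTF-8 bodies; UTF-16 bodies must be decoded before this byte-level check.
_XXE_MARKERS = re.compile(rb"<!DOCTYPE|<!ENTITY", re.IGNORECASE)


def screen_xml_body(body: bytes) -> Optional[str]:
    """Return a rejection reason (suitable for an API log line), or None if the body is clean."""
    match = _XXE_MARKERS.search(body)
    if match:
        return (f"rejected: external-entity construct {match.group(0).decode()} "
                f"at offset {match.start()}")
    return None


def parse_checkin(body: bytes) -> Optional[Dict[str, str]]:
    """Parse a screened check-in body into a flat tag->text dict, or None if it was rejected."""
    if screen_xml_body(body) is not None:
        return None
    # Python's expat-based parser does not fetch external resources on its own, but the
    # screening above is still done first so rejected requests never reach the parser.
    root = ET.fromstring(body)
    return {child.tag: (child.text or "").strip() for child in root}


# Constructed samples: a benign check-in and one declaring an external entity.
BENIGN_CHECKIN = b"<checkin><host>ws-042</host><agent>24.4.60</agent></checkin>"
XXE_CHECKIN = (b'<?xml version="1.0"?>'
               b'<!DOCTYPE x [<!ENTITY ext SYSTEM "file:///placeholder-path">]>'
               b"<checkin><host>&ext;</host></checkin>")

if __name__ == "__main__":
    for sample in (BENIGN_CHECKIN, XXE_CHECKIN):
        reason = screen_xml_body(sample)
        print(reason or f"accepted: {parse_checkin(sample)}")
```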

Tags: Exploit · Fix · RCE · XXE

Weakness Enumeration

Related Identifiers: BDU:2025-06603, CVE-2025-2775

Affected Products: Sysaid On-Premise