Description
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
Product(s):
- SysAid On-Premises
Question to Ask Vendors:
- Have you updated all instances of SysAid On-Premises to version 24.4.60 b16 or later to mitigate the risk of CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777?
- Can you confirm that all external access points to SysAid endpoints (/mdm/checkin, /mdm/serverurl, /lshw) have been appropriately secured or restricted from unauthorized external connections to prevent XML External Entity (XXE) injection and Server-Side Request Forgery (SSRF)?
- Have you implemented monitoring measures to detect suspicious or malicious requests targeting the SysAid endpoints (/mdm/checkin, /mdm/serverurl, /lshw) that were previously vulnerable to XXE injection and SSRF?
- Have you reviewed and updated your incident response procedures to ensure rapid identification and remediation capabilities for XXE-based vulnerabilities, specifically those identified in CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777?
Recommended Actions:
- Ensure all external access points to SysAid endpoints (/mdm/checkin, /mdm/serverurl, /lshw) are appropriately secured or restricted from unauthorized external connections.
- Monitor SysAid server logs actively for signs of suspicious or malicious requests targeting these endpoints.
- Review incident response procedures, ensuring rapid identification and remediation capabilities for XXE-based vulnerabilities.
- Upgrade SysAid Immediately: Update to SysAid On-Premises version 24.4.60 b16 or later. Since this vulnerability is tagged as 'Medium,' it's important to verify whether you're using the affected product.
References:
- http://webappsec.pbworks.com/XML-External-Entities
- https://capec.mitre.org/data/definitions/221.html
- https://documentation.sysaid.com/docs/24-40-60
- https://nvd.nist.gov/vuln/detail/CVE-2025-2775
- https://nvd.nist.gov/vuln/detail/CVE-2025-2776
- https://nvd.nist.gov/vuln/detail/CVE-2025-2777
- https://thehackernews.com/sysaid-vulnerabilities
- https://watchtowr.com/sysowned-research