{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2776", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-03-24T21:52:44.166Z", "datePublished": "2025-05-07T14:50:40.717Z", "dateUpdated": "2025-07-30T01:36:13.719Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["serverurl"], "product": "SysAid On-Prem", "vendor": "SysAid", "versions": [{"lessThanOrEqual": "23.3.40", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Sina Kheirkhah (@SinSinology)"}, {"lang": "en", "type": "finder", "value": "Jake Knott"}, {"lang": "en", "type": "sponsor", "value": "watchTowr"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>SysAid On-Prem versions &lt;= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.</div>"}], "value": "SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives."}], "impacts": [{"capecId": "CAPEC-250", "descriptions": [{"lang": "en", "value": "CAPEC-250 XML Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-611", "description": "CWE-611 Improper Restriction of XML External Entity Reference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-05-07T14:50:40.717Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://documentation.sysaid.com/docs/24-40-60"}, {"tags": ["exploit"], "url": "https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/"}], "source": {"discovery": "UNKNOWN"}, "title": "SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2776", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-22T03:55:28.273841Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2025-07-22", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2776"}}}], "timeline": [{"time": "2025-07-22T00:00:00+00:00", "lang": "en", "value": "CVE-2025-2776 added to CISA KEV"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-30T01:36:13.719Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2776", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-22T03:55:28.273841Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2025-07-22", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2776"}}}], "timeline": [{"lang": "en", "time": "2025-07-22T00:00:00+00:00", "value": "CVE-2025-2776 added to CISA KEV"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-07T15:18:24.446Z"}}], "cna": {"title": "SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Sina Kheirkhah (@SinSinology)"}, {"lang": "en", "type": "finder", "value": "Jake Knott"}, {"lang": "en", "type": "sponsor", "value": "watchTowr"}], "impacts": [{"capecId": "CAPEC-250", "descriptions": [{"lang": "en", "value": "CAPEC-250 XML Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SysAid", "modules": ["serverurl"], "product": "SysAid On-Prem", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "23.3.40"}], "defaultStatus": "affected"}], "references": [{"url": "https://documentation.sysaid.com/docs/24-40-60", "tags": ["vendor-advisory"]}, {"url": "https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/", "tags": ["exploit"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.", "supportingMedia": [{"type": "text/html", "value": "<div>SysAid On-Prem versions &lt;= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.</div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-611", "description": "CWE-611 Improper Restriction of XML External Entity Reference"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-05-07T14:50:40.717Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2776", "state": "PUBLISHED", "dateUpdated": "2025-07-30T01:36:13.719Z", "dateReserved": "2025-03-24T21:52:44.166Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-05-07T14:50:40.717Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.1"}

{"cisaActionDue": "2025-08-12", "cisaExploitAdd": "2025-07-22", "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sysaid:sysaid:*:*:*:*:on-premises:*:*:*", "matchCriteriaId": "9F967FFC-8AE4-4215-B2F5-333870F75899", "versionEndIncluding": "23.3.40", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives."}, {"lang": "es", "value": "Las versiones de SysAid On-Prem &lt;= 23.3.40 son afectados por una vulnerabilidad de entidad externa XML no autenticada (XXE) en la funcionalidad de procesamiento de URL del servidor, lo que permite la toma de control de la cuenta del administrador y primitivas de lectura de archivos."}], "id": "CVE-2025-2776", "lastModified": "2025-07-23T01:00:01.893", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-05-07T15:15:57.573", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Release Notes"], "url": "https://documentation.sysaid.com/docs/24-40-60"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}