ГлавнаяУязвимости → CVE-2025-2776
9.3критическая

CVE-2025-2776

Описание

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.

Затрагиваемое ПО
Sysaid Sysaid
CVSS
Балл9.3 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Источники
https://documentation.sysaid.com/docs/24-40-60https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2776