CVE-2025-2776 · CRITICAL 9.8 · CISA KEV · EPSS p99.4%

CVE-2025-2776: SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability

SysAid / SysAid On-Prem

Description

SysAid On-Prem contains an improper restriction of XML external entity reference (XXE, CWE-611) vulnerability in its Server URL processing functionality: attacker-supplied XML is parsed with external entity resolution enabled. The CVSS vector (PR:N, UI:N) indicates the flaw is reachable without authentication or user interaction. Exploitation yields an arbitrary file-read primitive on the server, which in turn allows administrator account takeover.
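The block below is an added illustration of the CWE-611 pattern this record describes; it is example code written for this page, not SysAid's code (SysAid is a Java product, and this is a Python standard-library stand-in for the same parser misconfiguration). It parses a constructed "ServerURL" document twice: once with external general entities enabled, which is the misconfiguration that turns an XML endpoint into a file-read primitive, and once with a hardened parser that keeps external entities disabled and rejects any DOCTYPE outright (the equivalent of Java's disallow-doctype-decl feature). The element name ServerURL, the secret file name and its contents are assumptions constructed for the demo.

```python
"""
Added example (not SysAid's code): reproduces the CWE-611 pattern behind
CVE-2025-2776 in miniature with the Python standard library.  An XML
"Server URL" document is parsed with external entities enabled, leaking a
local file into the parsed value; the hardened parser refuses any DOCTYPE
and keeps external entity resolution off.
"""
import io
import os
import pathlib
import tempfile
import xml.sax
from xml.sax.handler import feature_external_ges, property_lexical_handler


class _TextCollector(xml.sax.ContentHandler):
    """Collects all character data of the document (element names ignored)."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


class _RejectDoctype:
    """Lexical handler that aborts parsing as soon as a DOCTYPE appears,
    i.e. before any entity declaration can be processed."""

    def startDTD(self, name, public_id, system_id):
        raise ValueError(f"DOCTYPE not allowed (name={name!r}, system_id={system_id!r})")

    def endDTD(self):
        pass

    def comment(self, content):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass


def vulnerable_parse(xml_bytes: bytes) -> str:
    """Parser configured the way many legacy XML parsers are by default:
    external general entities are resolved, so a SYSTEM entity reads a
    local file (or URL) and splices its contents into the document."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, True)   # the CWE-611 misconfiguration
    handler = _TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(handler.parts).strip()


def hardened_parse(xml_bytes: bytes) -> str:
    """External entities stay disabled and any DTD is rejected outright."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, False)
    parser.setProperty(property_lexical_handler, _RejectDoctype())
    handler = _TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(handler.parts).strip()


def xxe_payload(file_path: str) -> bytes:
    """Classic in-band XXE: declare an external entity pointing at a local
    file and reference it in element content, so the file becomes the
    element's value.  'ServerURL' is an assumed element name for the demo."""
    file_uri = pathlib.Path(file_path).resolve().as_uri()
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE ServerURL [\n'
        f'  <!ENTITY xxe SYSTEM "{file_uri}">\n'
        ']>\n'
        '<ServerURL>&xxe;</ServerURL>\n'
    ).encode()


def run_demo() -> dict:
    """Writes a constructed 'secret' file, attacks both parsers, returns results."""
    with tempfile.TemporaryDirectory() as tmp:
        secret = os.path.join(tmp, "constructed-secret.txt")   # constructed sample
        with open(secret, "w") as f:
            f.write("admin_password=hunter2-constructed\n")
        payload = xxe_payload(secret)
        leaked = vulnerable_parse(payload)          # file contents come back as text
        try:
            hardened_parse(payload)
            blocked = None
        except ValueError as e:                      # DOCTYPE rejected before entities
            blocked = str(e)
    benign = hardened_parse(b"<ServerURL>https://sysaid.example.invalid/</ServerURL>")
    return {"leaked": leaked, "blocked": blocked, "benign": benign}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Two details matter in practice: the hardened parser rejects the DTD at `startDTD`, before any `<!ENTITY>` is seen, so it also blocks parameter-entity and out-of-band variants that do not need external general entities; and the benign document still parses, which is the check to run on real traffic before shipping the stricter configuration.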

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 72.97% probability of exploitation within the next 30 days · percentile 99.4% · scored 2026-06-19T12:03:05Z
Published: 2025-05-07
Last modified: 2025-10-27

CISA KEV entry

Added to KEV: 2025-07-22

Underlying weaknesses · 1

CWE-611: Improper Restriction of XML External Entity Reference

References

  1. SysAid On-Prem 24.4.60 documentation (vendor fix release, inferred from the URL): https://documentation.sysaid.com/docs/24-40-60
  2. watchTowr Labs write-up of the SysAid pre-auth vulnerability chain: https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/
  3. CISA Known Exploited Vulnerabilities catalog entry: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-2776

Relations · 1

Type       Target                                                              Confidence   Tier
Weakness   Improper Restriction of XML External Entity Reference (cwe-611)     0%           live

Relations (incoming) · 1

Type       Target                                                                                                   Confidence   Tier
KEVEntry   SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability (kev-cve-2025-2776)   0%           live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2025-2777
  2. CVE: SysAid Server Path Traversal Vulnerability
  3. CVE: CVE-2026-8045
  4. CVE: CVE-2025-48006
  5. CVE: CVE-2025-22478
  6. CVE: OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.