A critical XML External Entity (XXE) vulnerability in SysAid On-Prem, tracked as CVE-2025-2775, is being actively exploited in the wild. This flaw, which affects versions up to 23.3.40, allows unauthenticated attackers to take over administrator accounts and read files on the system. The vulnerability has been assigned a CVSS score of 7.5, indicating a high severity, and it was added to the Known Exploited Vulnerabilities (KEV) catalog on July 22, 2025.
The vulnerability was first published on May 7, 2025, and has a Time to Exploit (TTE) in the wild of just over 75 days, underscoring the urgency for organizations to address this issue. The Exploit Prediction Scoring System (EPSS) rate is 0.693, suggesting a significant likelihood of exploitation. A proof-of-concept (PoC) exploit is available, further increasing the risk to unpatched systems.
The vulnerability resides in the Checkin processing functionality of SysAid On-Prem, where it can be leveraged to execute unauthorized actions by manipulating XML data. This can lead to severe consequences, including unauthorized access to sensitive information and potential system compromise.
Organizations using SysAid On-Prem are urged to apply available patches immediately to mitigate the risk of exploitation. Given the active exploitation status and the inclusion in the KEV list, swift action is recommended to protect systems from potential breaches.
CSURFACE