CISA warns of hackers exploiting SysAid vulnerabilities in attacks


Activity Timeline

  • Jul 23, 06:23 – The Hacker News: "CISA Warns: SysAid Flaws Under Active Attack Enabl..."
  • Jul 23, 07:47 – SecurityWeek: "CISA Warns of SysAid Vulnerability Exploitation..."
  • Jul 23, 13:30 – BleepingComputer (Primary Article): "CISA warns of hackers exploiting SysAid vulnerabil..."
  • CISA has identified two critical vulnerabilities in SysAid software, CVE-2025-2775 and CVE-2025-2776, both with a CVSS score of 9.3, allowing for administrator account takeover and unauthorized file access.
  • The vulnerabilities stem from improper restrictions of XML external entity (XXE) references, enabling attackers to exploit the flaws for remote file access and server-side request forgery (SSRF).
  • These vulnerabilities are actively being exploited in the wild, prompting CISA to add them to its Known Exploited Vulnerabilities (KEV) catalog.
  • SysAid has released patches in version 24.4.60 to address these vulnerabilities; organizations using affected versions should upgrade immediately to mitigate risks.
  • Security teams should monitor for signs of exploitation and ensure that all instances of SysAid are updated to the latest version to prevent unauthorized access.

CISA has warned that two critical vulnerabilities in SysAid IT service management software (CVE-2025-2775 and CVE-2025-2776) are being actively exploited, allowing attackers to hijack administrator accounts and access sensitive files. These flaws arise from improper XML external entity (XXE) handling, posing significant risks to organizations using affected versions. SysAid has released a patch in version 24.4.60, and it is crucial for organizations to upgrade immediately. Security teams should also implement monitoring for exploitation attempts and ensure all systems are secured to prevent unauthorized access.
