- CISA has identified two critical vulnerabilities in SysAid software, CVE-2025-2775 and CVE-2025-2776, both with a CVSS score of 9.3, allowing for administrator account takeover and unauthorized file access.
- The vulnerabilities stem from improper restrictions of XML external entity (XXE) references, enabling attackers to exploit the flaws for remote file access and server-side request forgery (SSRF).
- These vulnerabilities are actively being exploited in the wild, prompting CISA to add them to its Known Exploited Vulnerabilities (KEV) catalog.
- SysAid has released patches in version 24.4.60 to address these vulnerabilities; organizations using affected versions should upgrade immediately to mitigate risks.
- Security teams should monitor for signs of exploitation and ensure that all instances of SysAid are updated to the latest version to prevent unauthorized access.
CISA has warned that two critical vulnerabilities in SysAid IT service management software (CVE-2025-2775 and CVE-2025-2776) are being actively exploited, allowing attackers to hijack administrator accounts and access sensitive files. These flaws arise from improper XML external entity (XXE) handling, posing significant risks to organizations using affected versions. SysAid has released a patch in version 24.4.60, and it is crucial for organizations to upgrade immediately. Security teams should also implement monitoring for exploitation attempts and ensure all systems are secured to prevent unauthorized access.