{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2776", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-03-24T21:52:44.166Z", "datePublished": "2025-05-07T14:50:40.717Z", "dateUpdated": "2025-05-08T03:56:10.633Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["serverurl"], "product": "SysAid On-Prem", "vendor": "SysAid", "versions": [{"lessThanOrEqual": "23.3.40", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Sina Kheirkhah (@SinSinology)"}, {"lang": "en", "type": "finder", "value": "Jake Knott"}, {"lang": "en", "type": "sponsor", "value": "watchTowr"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>SysAid On-Prem versions &lt;= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.</div>"}], "value": "SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives."}], "impacts": [{"capecId": "CAPEC-250", "descriptions": [{"lang": "en", "value": "CAPEC-250 XML Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-611", "description": "CWE-611 Improper Restriction of XML External Entity Reference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-05-07T14:50:40.717Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://documentation.sysaid.com/docs/24-40-60"}, {"tags": ["exploit"], "url": "https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/"}], "source": {"discovery": "UNKNOWN"}, "title": "SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-07T00:00:00+00:00", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-2776"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T03:56:10.633Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2776", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-07T15:17:18.038470Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-07T15:18:24.446Z"}}], "cna": {"title": "SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Sina Kheirkhah (@SinSinology)"}, {"lang": "en", "type": "finder", "value": "Jake Knott"}, {"lang": "en", "type": "sponsor", "value": "watchTowr"}], "impacts": [{"capecId": "CAPEC-250", "descriptions": [{"lang": "en", "value": "CAPEC-250 XML Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SysAid", "modules": ["serverurl"], "product": "SysAid On-Prem", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "23.3.40"}], "defaultStatus": "affected"}], "references": [{"url": "https://documentation.sysaid.com/docs/24-40-60", "tags": ["vendor-advisory"]}, {"url": "https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/", "tags": ["exploit"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.", "supportingMedia": [{"type": "text/html", "value": "<div>SysAid On-Prem versions &lt;= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.</div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-611", "description": "CWE-611 Improper Restriction of XML External Entity Reference"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-05-07T14:50:40.717Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2776", "state": "PUBLISHED", "dateUpdated": "2025-05-08T03:56:10.633Z", "dateReserved": "2025-03-24T21:52:44.166Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-05-07T14:50:40.717Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives."}, {"lang": "es", "value": "Las versiones de SysAid On-Prem &lt;= 23.3.40 son afectados por una vulnerabilidad de entidad externa XML no autenticada (XXE) en la funcionalidad de procesamiento de URL del servidor, lo que permite la toma de control de la cuenta del administrador y primitivas de lectura de archivos."}], "id": "CVE-2025-2776", "lastModified": "2025-05-08T14:39:18.800", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-05-07T15:15:57.573", "references": [{"source": "disclosure@vulncheck.com", "url": "https://documentation.sysaid.com/docs/24-40-60"}, {"source": "disclosure@vulncheck.com", "url": "https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}