CVE-2025-2775

HighKnown Exploited

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing…

VulnCheck·CWE-611·Published 2025-05-07

CVSS

7.5

EPSS

0.55

KEV

Yes

Exploits

cve.orgen

223 chars

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.

NVDen

223 chars

NVDes

275 chars

Las versiones de SysAid On-Prem <= 23.3.40 son vulnerables a una vulnerabilidad de entidad externa XML no autenticada (XXE) en la funcionalidad de procesamiento de check-in, lo que permite la toma de control de cuentas de administrador y primitivas de lectura de archivos.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.1	Secondary	NVD	9.3	3.9	4.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L