CVE-2025-2777

Critical

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing…

VulnCheck·CWE-611·Published 2025-05-07

CVSS

9.8

EPSS

0.79

KEV

Exploits

cve.orgen

220 chars

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.

NVDen

220 chars

NVDes

271 chars

Las versiones de SysAid On-Prem <= 23.3.40 son vulnerables a una vulnerabilidad de entidad externa XML no autenticada (XXE) en la funcionalidad de procesamiento de lshw, lo que permite la toma de control de cuentas de administrador y primitivas de lectura de archivos.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	9.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L