Ethical Hacking News

The Unrelenting Threat Landscape: A Glimpse into the Ongoing Battles for Cybersecurity Supremacy



Recent revelations from CISA have highlighted two significant security flaws impacting SysAid IT support software. CVE-2025-2775 and CVE-2025-2776 pose a major threat to the security of SysAid's on-premise version 24.4.60 build 16, which must be updated by August 12, 2025. The vulnerabilities allow attackers to carry out SSRF attacks and achieve remote code execution, highlighting the ongoing need for proactive cybersecurity measures in this increasingly complex threat landscape.

  • CISA has added two security flaws (CVE-2025-2775 and CVE-2025-2776) to its Known Exploited Vulnerabilities catalog, impacting SysAid IT support software.
  • The vulnerabilities allow attackers to inject unsafe XML entities, resulting in a Server-Side Request Forgery (SSRF) attack.
  • These vulnerabilities can lead to remote code execution when chained with CVE-2024-36394.
  • Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary fixes by August 12, 2025.
  • SysAid has acknowledged that attackers could take control of administrator accounts and read files within the system with these vulnerabilities.



The recent revelations of vulnerability after vulnerability, exploit after exploit, have left many a security-conscious individual reeling. The latest addition to this never-ending litany of cybersecurity conundrums has come from none other than the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which has formally added two security flaws impacting SysAid IT support software to its Known Exploited Vulnerabilities (KEV) catalog.

These vulnerabilities, CVE-2025-2775 and CVE-2025-2776, were identified by watchTowr Labs researchers Sina Kheirkhah and Jake Knott back in May alongside CVE-2025-2777, a pre-authenticated XXE within the /lshw endpoint. The three vulnerabilities in question pose a significant threat to the security of SysAid's on-premise version 24.4.60 build 16, which was released in early March 2025.

CVE-2025-2775 and CVE-2025-2776 both relate to improper restrictions on XML external entity (XXE) references within the Checkin processing functionality and the Server URL processing functionality respectively. These vulnerabilities allow attackers to inject unsafe XML entities into the web application, resulting in a Server-Side Request Forgery (SSRF) attack. In some cases, this can lead to remote code execution when chained with CVE-2024-36394, a command injection flaw revealed by CyberArk last June.
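The XXE-to-SSRF chain described above hinges on one thing: whether the server's XML parser is willing to honour entity declarations in data it receives from the network. As an added example (not code from the article, from watchTowr or from SysAid), here is a defensive parser built on Python's standard-library expat bindings. It refuses any DOCTYPE, entity declaration or external entity reference before the parser could read a file or contact a URL on the sender's behalf, which is the mitigation that closes this class of bug regardless of which endpoint the XML arrives at. The two sample documents are constructed for illustration.

```python
"""Defensive XML parsing: reject DTD features before anything can be resolved.

Added example using only the standard library's expat bindings. The sample
documents at the bottom are constructed for illustration; they are not
SysAid traffic.
"""
import xml.parsers.expat


class UnsafeXML(ValueError):
    """Raised when a document tries to use DTD features we do not allow."""


def parse_untrusted_xml(data: bytes) -> dict:
    """Parse a small XML document into {element_name: text}.

    Any DOCTYPE, entity declaration or external entity reference aborts the
    parse with UnsafeXML. The DOCTYPE handler fires as soon as the DTD begins,
    so no entity is ever defined, let alone resolved: no file read, no URL fetched.
    """
    parser = xml.parsers.expat.ParserCreate()
    fields: dict = {}
    stack: list = []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Untrusted input has no legitimate reason to carry a DTD at all.
        raise UnsafeXML(f"DOCTYPE not allowed (name={name!r}, system id={sysid!r})")

    def on_entity_decl(entity_name, is_param, value, base, system_id,
                       public_id, notation_name):
        # Defence in depth: even an internal-only entity (expansion bombs) is refused.
        raise UnsafeXML(f"entity declaration not allowed: {entity_name!r}")

    def on_external_entity_ref(context, base, system_id, public_id):
        # Belt and braces: never resolve, never fetch.
        raise UnsafeXML(f"external entity reference not allowed: {system_id!r}")

    def on_start(name, attrs):
        stack.append(name)
        fields.setdefault(name, "")

    def on_end(name):
        stack.pop()

    def on_chardata(text):
        # expat may deliver text in several chunks; concatenate them.
        if stack:
            fields[stack[-1]] += text

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_entity_ref
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = on_chardata

    parser.Parse(data, True)
    return {name: text.strip() for name, text in fields.items()}


def classify(data: bytes) -> tuple:
    """Wrapper for request handlers: ('ok', fields) or ('rejected', reason).

    The reason string is what you would log for detection: a DOCTYPE arriving
    on an endpoint that never legitimately needs one is a high-signal event.
    """
    try:
        return "ok", parse_untrusted_xml(data)
    except UnsafeXML as exc:
        return "rejected", str(exc)
    except xml.parsers.expat.ExpatError as exc:
        return "rejected", f"malformed XML: {exc}"


# Constructed benign check-in style document (hypothetical element names).
BENIGN = b"<checkin><host>srv01</host><version>1.0</version></checkin>"

# Constructed document that declares an external entity pointing at a loopback
# address, the general shape of an XXE-driven SSRF probe. The parser above
# refuses it at the DOCTYPE, before the entity is even declared.
EXTERNAL_ENTITY = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE checkin [<!ENTITY ext SYSTEM "http://127.0.0.1:8080/internal">]>'
    b"<checkin><host>&ext;</host></checkin>"
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("external entity", EXTERNAL_ENTITY)):
        status, detail = classify(doc)
        print(f"{label}: {status} -> {detail}")
```

The same "no DOCTYPE, ever" rule is available in every mainstream XML stack (the `disallow-doctype-decl` feature in Java's JAXP parsers, `resolve_entities=False` plus `no_network=True` in lxml), and it is cheaper and safer to enforce than trying to whitelist which entities are acceptable.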

It is currently not known how these vulnerabilities are being exploited in real-world attacks, nor is any information available regarding the identity of the threat actors, their end goals, or the scale of these efforts. The lack of information on this aspect of the vulnerabilities highlights the complex and ever-evolving nature of cybersecurity threats.

In light of this new development, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary fixes by August 12, 2025. This deadline serves as a stark reminder of the importance of proactive security measures in an increasingly complex threat landscape.

Furthermore, SysAid has acknowledged that the vulnerabilities could allow attackers to take control of administrator accounts and read files within the system. The firm noted that the only fix for these vulnerabilities is to apply the patch from SysAid's on-premise version 24.4.60 build 16, released in early March 2025.

The addition of these two vulnerabilities to CISA's KEV catalog underscores the ever-present threat landscape and the importance of proactive security measures. As we navigate this complex and ever-evolving world of cybersecurity threats, it is essential that organizations remain vigilant and take swift action to address any identified vulnerabilities.



  • Published: Wed Jul 23 07:38:22 2025 by llama3.2 3B Q4_K_M

© Ethical Hacking News. All rights reserved.