Cybersecurity researchers have disclosed multiple security flaw in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges.
The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, have all been described as XML External Entity (XXE) injections, which occur when an attacker isRead More
SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version [email protected] (The Hacker News)
by
Tags: