Security Advisory

CVE-2025-2776

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-07 14:50:40

Last updated 2025-11-19 18:33:05

Assigner VulnCheck

State PUBLISHED

Description

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.

← Browse all CVEs View on cve.org ↗