Security Advisory

CVE-2025-2777

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-07 14:53:00

Last updated 2026-02-26 18:28:50

Assigner VulnCheck

State PUBLISHED

Description

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.

← Browse all CVEs View on cve.org ↗