CISA Warns of SysAid Vulnerability Exploitation

CISA Warns of SysAid Vulnerability Exploitation

Posted on By CWS

CISA on Tuesday added two just lately patched SysAid On-Prem flaws to its Identified Exploited Vulnerabilities (KEV) catalog.

The vulnerabilities, tracked as CVE-2025-2776 and CVE-2025-2775, have been patched in early March, when SysAid launched model 24.4.60 of its IT service administration (ITSM) software program.

The safety holes, described as XXE points, have been found in December 2024 by safety agency WatchTowr, which disclosed their particulars and printed PoC exploit code in Could 2025.

WatchTowr warned on the time that the issues might be chained with CVE-2024-36394, an OS command injection subject beforehand found by one other researcher, for unauthenticated distant command execution.

SysAid’s ITSM merchandise are utilized by 10 million customers all over the world, in response to the seller, however on the time of disclosure the Shadowserver Basis recognized solely 77 weak cases that had been uncovered to the web.   

There don’t seem like any public experiences describing exploitation of CVE-2025-2776 and CVE-2025-2775. 

Apparently, CVE-2025-2776 and CVE-2025-2775 are related pre-authentication XXE vulnerabilities, and CVE-2024-36394, which was utilized in WatchTowr’s exploit chain for unauthenticated distant command execution, has not been added to CISA’s KEV.

SecurityWeek has reached out to WatchTowr and SysAid for clarifications and affirmation of the assaults and can replace this text in the event that they reply.Commercial. Scroll to proceed studying.

CISA’s KEV entry signifies that the vulnerabilities haven’t been leveraged in ransomware assaults.

Nevertheless, ransomware teams exploiting SysAid product vulnerabilities just isn’t exceptional. In 2023, associates of the Cl0p ransomware operation had been noticed exploiting a zero-day tracked as CVE-2023-47246.

Associated: Microsoft Says Chinese language APTs Exploited ToolShell Zero-Days Weeks Earlier than Patch

Associated: Exploited CrushFTP Zero-Day Gives Admin Entry to Servers

Associated: Fortinet FortiWeb Flaw Exploited within the Wild After PoC Publication

Security Week News Tags:, , , ,

Related Posts

SimpleHelp Vulnerability Exploited Against Utility Billing Software Users SimpleHelp Vulnerability Exploited Against Utility Billing Software Users Security Week News
Whole Foods Distributor United Natural Foods Hit by Cyberattack Whole Foods Distributor United Natural Foods Hit by Cyberattack Security Week News
Hackers Struggle with TP-Link Router Vulnerability Hackers Struggle with TP-Link Router Vulnerability Security Week News
Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment Security Week News
RondoDox Botnet Takes ‘Exploit Shotgun’ Approach RondoDox Botnet Takes ‘Exploit Shotgun’ Approach Security Week News
Undetectable Android Spyware Backfires, Leaks 62,000 User Logins Undetectable Android Spyware Backfires, Leaks 62,000 User Logins Security Week News