CISA Warns of SysAid Vulnerability Exploitation

Posted on By CWS

CISA on Tuesday added two just lately patched SysAid On-Prem flaws to its Identified Exploited Vulnerabilities (KEV) catalog.

The vulnerabilities, tracked as CVE-2025-2776 and CVE-2025-2775, have been patched in early March, when SysAid launched model 24.4.60 of its IT service administration (ITSM) software program.

The safety holes, described as XXE points, have been found in December 2024 by safety agency WatchTowr, which disclosed their particulars and printed PoC exploit code in Could 2025.

WatchTowr warned on the time that the issues might be chained with CVE-2024-36394, an OS command injection subject beforehand found by one other researcher, for unauthenticated distant command execution.

SysAid’s ITSM merchandise are utilized by 10 million customers all over the world, in response to the seller, however on the time of disclosure the Shadowserver Basis recognized solely 77 weak cases that had been uncovered to the web.   

There don’t seem like any public experiences describing exploitation of CVE-2025-2776 and CVE-2025-2775. 

Apparently, CVE-2025-2776 and CVE-2025-2775 are related pre-authentication XXE vulnerabilities, and CVE-2024-36394, which was utilized in WatchTowr’s exploit chain for unauthenticated distant command execution, has not been added to CISA’s KEV.

SecurityWeek has reached out to WatchTowr and SysAid for clarifications and affirmation of the assaults and can replace this text in the event that they reply.Commercial. Scroll to proceed studying.

CISA’s KEV entry signifies that the vulnerabilities haven’t been leveraged in ransomware assaults.

Nevertheless, ransomware teams exploiting SysAid product vulnerabilities just isn’t exceptional. In 2023, associates of the Cl0p ransomware operation had been noticed exploiting a zero-day tracked as CVE-2023-47246.

Associated: Microsoft Says Chinese language APTs Exploited ToolShell Zero-Days Weeks Earlier than Patch

Associated: Exploited CrushFTP Zero-Day Gives Admin Entry to Servers

Associated: Fortinet FortiWeb Flaw Exploited within the Wild After PoC Publication

Security Week News Tags:, , , ,

Related Posts

Hackers Stole 300,000 Crash Reports From Texas Department of Transportation Security Week News
Adobe Patches Critical Code Execution Bugs Security Week News
Cyera Raises $540 Million to Expand AI-Powered Data Security Platform Security Week News
FBI Warns of Deepfake Messages Impersonating Senior Officials Security Week News
Chinese Hacking Group ‘Earth Lamia’ Targets Multiple Industries Security Week News
Dozens of SysAid Instances Vulnerable to Remote Hacking Security Week News