CISA Warns of SysAid Vulnerability Exploitation

Posted on By CWS

CISA on Tuesday added two just lately patched SysAid On-Prem flaws to its Identified Exploited Vulnerabilities (KEV) catalog.

The vulnerabilities, tracked as CVE-2025-2776 and CVE-2025-2775, have been patched in early March, when SysAid launched model 24.4.60 of its IT service administration (ITSM) software program.

The safety holes, described as XXE points, have been found in December 2024 by safety agency WatchTowr, which disclosed their particulars and printed PoC exploit code in Could 2025.

WatchTowr warned on the time that the issues might be chained with CVE-2024-36394, an OS command injection subject beforehand found by one other researcher, for unauthenticated distant command execution.

SysAid’s ITSM merchandise are utilized by 10 million customers all over the world, in response to the seller, however on the time of disclosure the Shadowserver Basis recognized solely 77 weak cases that had been uncovered to the web.   

There don’t seem like any public experiences describing exploitation of CVE-2025-2776 and CVE-2025-2775. 

Apparently, CVE-2025-2776 and CVE-2025-2775 are related pre-authentication XXE vulnerabilities, and CVE-2024-36394, which was utilized in WatchTowr’s exploit chain for unauthenticated distant command execution, has not been added to CISA’s KEV.

SecurityWeek has reached out to WatchTowr and SysAid for clarifications and affirmation of the assaults and can replace this text in the event that they reply.Commercial. Scroll to proceed studying.

CISA’s KEV entry signifies that the vulnerabilities haven’t been leveraged in ransomware assaults.

Nevertheless, ransomware teams exploiting SysAid product vulnerabilities just isn’t exceptional. In 2023, associates of the Cl0p ransomware operation had been noticed exploiting a zero-day tracked as CVE-2023-47246.

Associated: Microsoft Says Chinese language APTs Exploited ToolShell Zero-Days Weeks Earlier than Patch

Associated: Exploited CrushFTP Zero-Day Gives Admin Entry to Servers

Associated: Fortinet FortiWeb Flaw Exploited within the Wild After PoC Publication

Security Week News Tags:, , , ,

Related Posts

US Insurance Industry Warned of Scattered Spider Attacks Security Week News
160,000 Impacted by Valsoft Data Breach Security Week News
Anatsa Android Banking Trojan Now Targeting 830 Financial Apps Security Week News
Microsoft to Preview New Windows Endpoint Security Platform After CrowdStrike Outage  Security Week News
TikTok Faces Fresh European Privacy Investigation Over China Data Transfers Security Week News
CodeAnt AI Raises $2 Million for Code Quality and Application Security Platform  Security Week News