CISA Warns of SysAid Vulnerability Exploitation

CISA Warns of SysAid Vulnerability Exploitation

Posted on By CWS

CISA on Tuesday added two just lately patched SysAid On-Prem flaws to its Identified Exploited Vulnerabilities (KEV) catalog.

The vulnerabilities, tracked as CVE-2025-2776 and CVE-2025-2775, have been patched in early March, when SysAid launched model 24.4.60 of its IT service administration (ITSM) software program.

The safety holes, described as XXE points, have been found in December 2024 by safety agency WatchTowr, which disclosed their particulars and printed PoC exploit code in Could 2025.

WatchTowr warned on the time that the issues might be chained with CVE-2024-36394, an OS command injection subject beforehand found by one other researcher, for unauthenticated distant command execution.

SysAid’s ITSM merchandise are utilized by 10 million customers all over the world, in response to the seller, however on the time of disclosure the Shadowserver Basis recognized solely 77 weak cases that had been uncovered to the web.   

There don’t seem like any public experiences describing exploitation of CVE-2025-2776 and CVE-2025-2775. 

Apparently, CVE-2025-2776 and CVE-2025-2775 are related pre-authentication XXE vulnerabilities, and CVE-2024-36394, which was utilized in WatchTowr’s exploit chain for unauthenticated distant command execution, has not been added to CISA’s KEV.

SecurityWeek has reached out to WatchTowr and SysAid for clarifications and affirmation of the assaults and can replace this text in the event that they reply.Commercial. Scroll to proceed studying.

CISA’s KEV entry signifies that the vulnerabilities haven’t been leveraged in ransomware assaults.

Nevertheless, ransomware teams exploiting SysAid product vulnerabilities just isn’t exceptional. In 2023, associates of the Cl0p ransomware operation had been noticed exploiting a zero-day tracked as CVE-2023-47246.

Associated: Microsoft Says Chinese language APTs Exploited ToolShell Zero-Days Weeks Earlier than Patch

Associated: Exploited CrushFTP Zero-Day Gives Admin Entry to Servers

Associated: Fortinet FortiWeb Flaw Exploited within the Wild After PoC Publication

Security Week News Tags:, , , ,

Related Posts

Ukrainian Nefilim Ransomware Affiliate Pleads Guilty in US Ukrainian Nefilim Ransomware Affiliate Pleads Guilty in US Security Week News
EU Unveils AI Code of Practice to Help Businesses Comply With Bloc’s Rules EU Unveils AI Code of Practice to Help Businesses Comply With Bloc’s Rules Security Week News
35,000 Solar Power Systems Exposed to Internet Security Week News
Hackers Target Perplexity Comet Browser Users Hackers Target Perplexity Comet Browser Users Security Week News
High-Severity Vulnerabilities Patched in Tenable Nessus Agent High-Severity Vulnerabilities Patched in Tenable Nessus Agent Security Week News
Cogent Secures M to Enhance AI for Vulnerability Management Cogent Secures $42M to Enhance AI for Vulnerability Management Security Week News