CISA Warns of SysAid Vulnerability Exploitation

CISA Warns of SysAid Vulnerability Exploitation

Posted on By CWS

CISA on Tuesday added two just lately patched SysAid On-Prem flaws to its Identified Exploited Vulnerabilities (KEV) catalog.

The vulnerabilities, tracked as CVE-2025-2776 and CVE-2025-2775, have been patched in early March, when SysAid launched model 24.4.60 of its IT service administration (ITSM) software program.

The safety holes, described as XXE points, have been found in December 2024 by safety agency WatchTowr, which disclosed their particulars and printed PoC exploit code in Could 2025.

WatchTowr warned on the time that the issues might be chained with CVE-2024-36394, an OS command injection subject beforehand found by one other researcher, for unauthenticated distant command execution.

SysAid’s ITSM merchandise are utilized by 10 million customers all over the world, in response to the seller, however on the time of disclosure the Shadowserver Basis recognized solely 77 weak cases that had been uncovered to the web.   

There don’t seem like any public experiences describing exploitation of CVE-2025-2776 and CVE-2025-2775. 

Apparently, CVE-2025-2776 and CVE-2025-2775 are related pre-authentication XXE vulnerabilities, and CVE-2024-36394, which was utilized in WatchTowr’s exploit chain for unauthenticated distant command execution, has not been added to CISA’s KEV.

SecurityWeek has reached out to WatchTowr and SysAid for clarifications and affirmation of the assaults and can replace this text in the event that they reply.Commercial. Scroll to proceed studying.

CISA’s KEV entry signifies that the vulnerabilities haven’t been leveraged in ransomware assaults.

Nevertheless, ransomware teams exploiting SysAid product vulnerabilities just isn’t exceptional. In 2023, associates of the Cl0p ransomware operation had been noticed exploiting a zero-day tracked as CVE-2023-47246.

Associated: Microsoft Says Chinese language APTs Exploited ToolShell Zero-Days Weeks Earlier than Patch

Associated: Exploited CrushFTP Zero-Day Gives Admin Entry to Servers

Associated: Fortinet FortiWeb Flaw Exploited within the Wild After PoC Publication

Security Week News Tags:, , , ,

Related Posts

Fortinet Patches Critical Authentication Bypass Vulnerabilities Fortinet Patches Critical Authentication Bypass Vulnerabilities Security Week News
ArmorCode Secures M to Enhance AI Exposure Management ArmorCode Secures $16M to Enhance AI Exposure Management Security Week News
Infostealer Malware Delivered in EmEditor Supply Chain Attack Infostealer Malware Delivered in EmEditor Supply Chain Attack Security Week News
Global Effort Shuts Down Tycoon 2FA Phishing Network Global Effort Shuts Down Tycoon 2FA Phishing Network Security Week News
Google Warns UK Retailer Hackers Now Targeting US Google Warns UK Retailer Hackers Now Targeting US Security Week News
Free Wi-Fi Leaves Buses Vulnerable to Remote Hacking Free Wi-Fi Leaves Buses Vulnerable to Remote Hacking Security Week News