THREATOPS
THREAT OPSCVEs › CVE-2025-2775

CVE-2025-2775 — SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability

CISA KEVExploited: confirmedSysAid

SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.

Vulnerability details