THREATOPS
THREAT OPSCVEs › CVE-2025-2776

CVE-2025-2776 — SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability

CISA KEVExploited: confirmedSysAid

SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.

Vulnerability details