THREAT OPS › CVEs › CVE-2025-2776
CVE-2025-2776 — SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
Vulnerability details
- Affected productsSysAid On-Prem
- KEV remediation due2025-08-12