{"id":37890,"date":"2025-05-13T19:34:34","date_gmt":"2025-05-13T19:34:34","guid":{"rendered":""},"modified":"2025-08-07T23:27:55","modified_gmt":"2025-08-08T05:27:55","slug":"cve-2025-2776-unauthenticated-xxe-vulnerability-in-sysaid-on-prem-leading-to-admin-account-takeover","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-2776-unauthenticated-xxe-vulnerability-in-sysaid-on-prem-leading-to-admin-account-takeover\/","title":{"rendered":"CVE-2025-2776: Unauthenticated XXE Vulnerability in SysAid On-Prem Leading to Admin Account Takeover<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The cybersecurity landscape is constantly evolving, with danger lurking in the most unexpected places. One such threat is CVE-2025-2776, an unauthenticated XML External Entity (XXE) vulnerability in SysAid On-Prem. This vulnerability, which is present in versions up to and including 23.3.40, has the potential to allow an attacker to take over an administrator account<\/a> and read files in the system.
\nThis vulnerability is particularly concerning because SysAid On-Prem<\/a> is used by many organizations for IT service management. Therefore, an exploit could not only compromise the security of individual systems<\/a>, but also potentially impact the entire IT operations of affected organizations.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-2776
\nSeverity: Critical (9.3 CVSS score)
\nAttack Vector: Remote
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: Administrator account takeover, potential system<\/a> compromise or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n