{"uuid": "a0a20a59-8345-4452-85ea-b48c4b84acd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "published-proof-of-concept", "source": "https://t.me/cybersecplayground/198", "content": "\ud83d\udd34 CVE-2025-2777 \u2014 SysAid On-Prem \u2264 23.3.40 - XXE Vulnerability\n\ud83e\udde8 Critical Impact \u2014 CVSS 9.3\n\ud83d\udcc5 Published: May 10, 2025\n\n\ud83d\udea8 A severe unauthenticated XML External Entity (XXE) vulnerability has been discovered in SysAid On-Prem (\u2264 v23.3.40), specifically within its lshw hardware info parsing functionality.\n\n\ud83e\ude78 Vulnerability Summary\nAttackers can abuse this XXE flaw to:\n\n- Read arbitrary files on the filesystem\n- Extract sensitive data (e.g., configuration files)\n- Potentially escalate privileges or gain admin access on the server\n\nThe vulnerability requires no authentication, making it a high-priority threat to exposed instances.\n\n\ud83d\udee0 Affected Product\nSysAid On-Prem versions \u2264 23.3.40\n\n\ud83d\udd27 Patched Version\nUpgrade to the latest release from:\n\ud83d\udd17 SysAid Docs - Version Info\n\n\ud83d\udca5 Real-World Exploitation Example\n\u26a1\ufe0f Proof-of-concept exploitation (from WatchTowr Labs):\n\u26a1\ufe0f A crafted XML payload submitted to the lshw endpoint can leak /etc/passwd or internal credentials.\n\u26a1\ufe0f Used as a pivot to gain admin session access.\n\n\ud83d\udd0d Read full technical write-up:\n\ud83d\udd17 https://labs.watchtowr.com\n\n\ud83d\udd0e Detection Tip\nSearch for exposed SysAid panels:\n\nintitle:\"SysAid\" && \"helpdesk\"\nUse network scanners to monitor outbound XML-related traffic or unusual DNS queries triggered by XXE payloads.\n\n\u26a0\ufe0f Mitigation\n\ud83d\udd38 Patch immediately\n\ud83d\udd38 Restrict external access to the SysAid panel\n\ud83d\udd38 Monitor for unusual HTTP POSTs to /lshw or similar paths\n\n\ud83d\udd10 Stay ahead with real-time CVE alerts and PoCs.\nJoin us at @cybersecplayground for more vulnerability posts, scanners, and defense tactics.\n\n\ud83e\udde0 Like + Share to raise awareness.\n\n#CVE2025_2777 #SysAid #XXE #RCE #Exploit #infosec #CyberSecurity #ZeroDay #CVE #cybersecplayground", "creation_timestamp": "2025-05-11T14:06:16.000000Z"}