SysAid On-Prem <= 23.3.40 lshw Proceessing XML External Entity Injection | Advisories | VulnCheck

Go back

SysAid On-Prem <= 23.3.40 lshw Proceessing XML External Entity Injection

severity: critical
date: May 7, 2025
Affecting: SysAid On-Prem <= 23.3.40
CVE: CVE-2025-2777
CVE type: Improper Restriction of XML External Entity Reference
CVSS: 9.3
CVSS V3 Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
References: Vendor Advisory
Exploit
Credit: Sina Kheirkhah (@SinSinology), Jake Knott, watchTowr