Go back

SysAid On-Prem <= 23.3.40 lshw Proceessing XML External Entity Injection

severity
critical
date
Affecting
  • SysAid On-Prem <= 23.3.40

CVE
CVE-2025-2777
CVE type
Improper Restriction of XML External Entity Reference
CVSS
9.3
CVSS V3 Vector
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Credit
Sina Kheirkhah (@SinSinology), Jake Knott, watchTowr