SysAid’s XXE Woes: CISA Flags Vulnerabilities, But Ransomware Lurks in the Shadows
CISA recently added two SysAid On-Prem flaws to its Known Exploited Vulnerabilities (KEV) catalog. No public reports of exploitation have surfaced, but a KEV listing means CISA has its own evidence that someone is already using these bugs, so an unpatched instance is like leaving your front door open with a sign that says "Welcome, Hackers!" Patch before someone takes an unwelcome tour.

Hot Take:
SysAid's vulnerabilities are now the hottest item on CISA's KEV menu, but with only 77 vulnerable instances exposed on the internet, it's like serving caviar at a hot dog stand. Meanwhile, ransomware groups are probably lurking around like seagulls ready to snatch a french fry; they have feasted on SysAid before. WatchTowr's proof-of-concept exploit code has would-be attackers lining up like kids at a candy store, and while nobody has been publicly caught taste-testing these flaws, the KEV listing suggests someone has. Let's hope the exposed instances get patched before their owners find themselves in a digital pickle!
Key Points:
- SysAid's two vulnerabilities, CVE-2025-2776 and CVE-2025-2775, were patched by SysAid in March 2025, so any instance that is still vulnerable has gone months without updating.
- The flaws, discovered by WatchTowr, are XML External Entity (XXE) injection vulnerabilities: the server's XML parser honours DOCTYPE entity declarations in attacker-supplied documents, which in general lets a crafted request read local files or reach resources behind the server.
- No public reports of in-the-wild exploitation had surfaced at the time of writing, although the KEV listing means CISA has evidence of exploitation and WatchTowr has published proof-of-concept code.
- Only 77 vulnerable SysAid instances were found exposed online.
- Ransomware groups have previously targeted SysAid vulnerabilities, most notably the Cl0p gang's exploitation of CVE-2023-47246 in late 2023.
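To show what an XXE bug of the kind listed above actually gives an attacker, here is an added example that is not part of the original article and has nothing to do with SysAid's own code: a tiny XML parser in Python that is run once with external entity resolution enabled (the XXE-prone configuration) and once with it disabled. The `ticket` document, the `xxe` entity name and the secret file are all constructed for the demonstration; the "server" is just the local machine.

```python
import io
import os
import tempfile
from xml.sax import make_parser
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Collects every text node the parser delivers, in order."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    @property
    def text(self):
        return "".join(self.parts)


def parse_text(xml_bytes, resolve_external_entities):
    """Parse an XML document and return its concatenated text content.

    resolve_external_entities=True reproduces the XXE-prone setup: the parser
    fetches whatever a SYSTEM entity points at and splices it into the
    document. False is the hardened setting: the entity reference is skipped.
    """
    handler = TextCollector()
    parser = make_parser()
    parser.setContentHandler(handler)
    parser.setFeature(feature_external_ges, resolve_external_entities)
    parser.parse(io.BytesIO(xml_bytes))
    return handler.text


def build_xxe_payload(path):
    """Constructed attacker document (hypothetical <ticket> schema): an internal
    DTD subset declares an external entity backed by a file on the server,
    and the body references that entity so the file contents replace it."""
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE ticket [<!ENTITY xxe SYSTEM "%s">]>\n'
        '<ticket><title>&xxe;</title></ticket>' % path
    ).encode()


def demo():
    """Return (text from the vulnerable parse, text from the hardened parse)."""
    # Stand-in for a sensitive file the attacker wants to read off the server.
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("DB_PASSWORD=hunter2")  # constructed secret
        secret_path = f.name
    try:
        payload = build_xxe_payload(secret_path)
        leaked = parse_text(payload, resolve_external_entities=True)
        safe = parse_text(payload, resolve_external_entities=False)
        return leaked, safe
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable parser returned:", repr(leaked))
    print("hardened parser returned:  ", repr(safe))
```

The vulnerable run hands the attacker the file contents inside the `<title>` element, which is exactly the data-exfiltration primitive an XXE flaw in a ticketing product would offer; the hardened run returns nothing for that element. Turning off external general entities closes this one avenue, but the robust fix is to refuse DOCTYPE declarations altogether (in Python, `defusedxml`; in Java's `DocumentBuilderFactory`, the `http://apache.org/xml/features/disallow-doctype-decl` feature), since entity expansion attacks such as "billion laughs" do not need external entities at all.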