CVE-2025-2775

ENISA EUVD: EUVD-2025-13878
Exploited in the Wild ✓ Confirmed 0-Day
Triaged: March 20, 2026 · 3 articles

EPSS Score

Source: FIRST.org · 2026-05-23
69.27% probability
This CVE has a 69.27% probability of being exploited in the next 30 days.
Top 98.7th percentile of all CVEs

CVSS v3.1

Source: NVD
Score: 9.3
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: None
Availability: Low
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Description

NVD
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.

Affected Products

sysaid
sysaid

Attack Intelligence

Exploits & PoC

watchtowrlabs/watchTowr-vs-SysAid-PreAuth-RCE-Chain

PoC for SysAid PreAuth RCE Chain (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777, CVE-2025-2778)

12 2025-03-28
1 repo, sorted by ⭐

Signal Intelligence

Confidence: 85%
EPSS: 69.27%
CVSS v3.1: 9.3
Mentions: 3

CNA Information

Analyst Note

CVE-2025-2775 is explicitly listed in CISA's Known Exploited Vulnerabilities catalog with documented active exploitation against SysAid IT support software. The 2025 publication year and CISA KEV inclusion indicate exploitation occurred in or near real-time with patch availability, meeting zero-day criteria.

Threat Actors (5)

Hacking Team: apt_group · 🇮🇹 IT
Tick: apt_group · Information theft and espionage · 🇨🇳 CN
Red Dev 17: apt_group · 🇨🇳 CN
Mana Team: apt_group · 🇨🇳 CN
Lurk: apt_group · Financial crime · 🇷🇺 RU

Triage Info

Decided at: Mar 20, 2026