{"id":830,"date":"2025-05-07T14:31:00","date_gmt":"2025-05-07T11:31:00","guid":{"rendered":"https:\/\/trustcrypt.com\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment\/"},"modified":"2025-05-07T14:31:00","modified_gmt":"2025-05-07T11:31:00","slug":"sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment","status":"publish","type":"post","link":"https:\/\/trustcrypt.com\/ar\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment\/","title":{"rendered":"SysAid Addresses Four Critical Vulnerabilities Allowing Pre-Authentication Remote Code Execution in On-Premise Deployment"},"content":{"rendered":"<p>Cybersecurity researchers have recently identified several vulnerabilities in the on-premise version of SysAid IT support software. These weaknesses could potentially allow hostile actors to execute pre-authenticated remote code with elevated privileges.<\/p>\n<p>The vulnerabilities are tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, classified as XML External Entity (XXE) injections. These attacks occur when an attacker successfully manipulates an application&#8217;s XML input parsing.<\/p>\n<p>Exploiting these vulnerabilities could enable attackers to inject unsafe XML entities into the web application, leading to Server-Side Request Forgery (SSRF) attacks and, in some cases, remote code execution.<\/p>\n<p>Details regarding the vulnerabilities, as reported by researchers at watchTowr Labs, are as follows:<br \/>\n&#8211; CVE-2025-2775 and CVE-2025-2776 involve pre-authenticated XXE through the \/mdm\/checkin endpoint.<br \/>\n&#8211; CVE-2025-2777 concerns a pre-authenticated XXE through the \/lshw endpoint.<\/p>\n<p>Researchers have noted that these vulnerabilities are straightforward to exploit via specially crafted HTTP POST requests directed at the vulnerable endpoints.<\/p>\n<p>Successful exploitation could allow an attacker to access local files containing sensitive data, including SysAid&#8217;s &#8220;InitAccount.cmd,&#8221; which holds information about the administrator username and plaintext password created during installation. With this information, an attacker could gain full administrative access to SysAid.<\/p>\n<p>Moreover, these XXE vulnerabilities could potentially be combined with another command injection vulnerability, identified as CVE-2025-2778, to achieve remote code execution.<\/p>\n<p>All four vulnerabilities have been addressed by SysAid in the release of on-premise version 24.4.60 b16, which became available in early March 2025. A proof-of-concept exploit that leverages these vulnerabilities has also been made public.<\/p>\n<p>Given that security flaws in SysAid, such as CVE-2023-47246, have been previously exploited by ransomware groups, it is crucial for users to update their instances to the latest version to mitigate risks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers have recently identified several vulnerabilities in the on-premise version of SysAid IT support software. These weaknesses could potentially&#8230;<\/p>\n","protected":false},"author":1,"featured_media":831,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"Default","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[28],"tags":[73,144,148],"class_list":["post-830","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-cybersecurity","tag-exploitation","tag-vulnerabilities"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SysAid Addresses Four Critical Vulnerabilities Allowing Pre-Authentication Remote Code Execution in On-Premise Deployment - Trustcrypt<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/trustcrypt.com\/ar\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment\/\" \/>\n<meta property=\"og:locale\" content=\"ar_AR\" \/>\n<meta property=\"og:locale:alternate\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SysAid Addresses Four Critical Vulnerabilities Allowing Pre-Authentication Remote Code Execution in On-Premise Deployment\" \/>\n<meta property=\"og:description\" content=\"Cybersecurity researchers have recently identified several vulnerabilities in the on-premise version of SysAid IT support software. These weaknesses could potentially...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/trustcrypt.com\/ar\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment\/\" \/>\n<meta property=\"og:site_name\" content=\"Trustcrypt\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-07T11:31:00+00:00\" \/>\n<meta name=\"author\" content=\"Trustscrypt\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u0643\u064f\u062a\u0628 \u0628\u0648\u0627\u0633\u0637\u0629\" \/>\n\t<meta name=\"twitter:data1\" content=\"Trustscrypt\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u0648\u0642\u062a \u0627\u0644\u0642\u0631\u0627\u0621\u0629 \u0627\u0644\u0645\u064f\u0642\u062f\u0651\u0631\" \/>\n\t<meta name=\"twitter:data2\" content=\"\u062f\u0642\u064a\u0642\u0629 \u0648\u0627\u062d\u062f\u0629\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/trustcrypt.com\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment\/\",\"url\":\"https:\/\/trustcrypt.com\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment\/\",\"name\":\"SysAid Addresses Four Critical Vulnerabilities Allowing Pre-Authentication Remote Code Execution in On-Premise Deployment\",\"isPartOf\":{\"@id\":\"https:\/\/trustcrypt.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/trustcrypt.com\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/trustcrypt.com\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/trustcrypt.com\/wp-content\/uploads\/2025\/05\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment.webp\",\"datePublished\":\"2025-05-07T11:31:00+00:00\",\"author\":{\"@id\":\"https:\/\/trustcrypt.com\/#\/schema\/person\/469b1cf97b9f7ea4e4d7fa31689dfa9f\"},\"inLanguage\":\"ar\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/trustcrypt.com\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ar\",\"@id\":\"https:\/\/trustcrypt.com\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment\/#primaryimage\",\"url\":\"https:\/\/trustcrypt.com\/wp-content\/uploads\/2025\/05\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment.webp\",\"contentUrl\":\"https:\/\/trustcrypt.com\/wp-content\/uploads\/2025\/05\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment.webp\",\"width\":1792,\"height\":1024,\"caption\":\"SysAid Addresses Four Critical Vulnerabilities Allowing Pre-Authentication Remote Code Execution in On-Premise Deployment\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/trustcrypt.com\/#website\",\"url\":\"https:\/\/trustcrypt.com\/\",\"name\":\"Trustcrypt\",\"description\":\"\u0627\u0644\u0623\u0645\u0646 \u0647\u0648 \u0627\u0633\u0645\u0646\u0627 \u0627\u0644\u062b\u0627\u0646\u064a\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/trustcrypt.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ar\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/trustcrypt.com\/#\/schema\/person\/469b1cf97b9f7ea4e4d7fa31689dfa9f\",\"name\":\"Trustscrypt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ar\",\"@id\":\"https:\/\/trustcrypt.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4c36ff3376565a0f4981e9397667feb08d5e09acacce32a52ea4a3f628e03692?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4c36ff3376565a0f4981e9397667feb08d5e09acacce32a52ea4a3f628e03692?s=96&d=mm&r=g\",\"caption\":\"Trustscrypt\"},\"sameAs\":[\"http:\/\/trustcrypt.com\"],\"url\":\"https:\/\/trustcrypt.com\/ar\/author\/trustscrypt\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SysAid Addresses Four Critical Vulnerabilities Allowing Pre-Authentication Remote Code Execution in On-Premise Deployment - Trustcrypt","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/trustcrypt.com\/ar\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment\/","og_locale":"ar_AR","og_type":"article","og_title":"[:en]SysAid Addresses Four Critical Vulnerabilities Allowing Pre-Authentication Remote Code Execution in On-Premise Deployment[:] - Trustcrypt","og_description":"Cybersecurity researchers have recently identified several vulnerabilities in the on-premise version of SysAid IT support software. These weaknesses could potentially...","og_url":"https:\/\/trustcrypt.com\/ar\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment\/","og_site_name":"Trustcrypt","article_published_time":"2025-05-07T11:31:00+00:00","author":"Trustscrypt","twitter_card":"summary_large_image","twitter_misc":{"\u0643\u064f\u062a\u0628 \u0628\u0648\u0627\u0633\u0637\u0629":"Trustscrypt","\u0648\u0642\u062a \u0627\u0644\u0642\u0631\u0627\u0621\u0629 \u0627\u0644\u0645\u064f\u0642\u062f\u0651\u0631":"\u062f\u0642\u064a\u0642\u0629 \u0648\u0627\u062d\u062f\u0629"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/trustcrypt.com\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment\/","url":"https:\/\/trustcrypt.com\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment\/","name":"SysAid Addresses Four Critical Vulnerabilities Allowing Pre-Authentication Remote Code Execution in On-Premise Deployment","isPartOf":{"@id":"https:\/\/trustcrypt.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/trustcrypt.com\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment\/#primaryimage"},"image":{"@id":"https:\/\/trustcrypt.com\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment\/#primaryimage"},"thumbnailUrl":"https:\/\/trustcrypt.com\/wp-content\/uploads\/2025\/05\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment.webp","datePublished":"2025-05-07T11:31:00+00:00","author":{"@id":"https:\/\/trustcrypt.com\/#\/schema\/person\/469b1cf97b9f7ea4e4d7fa31689dfa9f"},"inLanguage":"ar","potentialAction":[{"@type":"ReadAction","target":["https:\/\/trustcrypt.com\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment\/"]}]},{"@type":"ImageObject","inLanguage":"ar","@id":"https:\/\/trustcrypt.com\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment\/#primaryimage","url":"https:\/\/trustcrypt.com\/wp-content\/uploads\/2025\/05\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment.webp","contentUrl":"https:\/\/trustcrypt.com\/wp-content\/uploads\/2025\/05\/sysaid-addresses-four-critical-vulnerabilities-allowing-pre-authentication-remote-code-execution-in-on-premise-deployment.webp","width":1792,"height":1024,"caption":"SysAid Addresses Four Critical Vulnerabilities Allowing Pre-Authentication Remote Code Execution in On-Premise Deployment"},{"@type":"WebSite","@id":"https:\/\/trustcrypt.com\/#website","url":"https:\/\/trustcrypt.com\/","name":"Trustcrypt","description":"\u0627\u0644\u0623\u0645\u0646 \u0647\u0648 \u0627\u0633\u0645\u0646\u0627 \u0627\u0644\u062b\u0627\u0646\u064a","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/trustcrypt.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ar"},{"@type":"Person","@id":"https:\/\/trustcrypt.com\/#\/schema\/person\/469b1cf97b9f7ea4e4d7fa31689dfa9f","name":"Trustscrypt","image":{"@type":"ImageObject","inLanguage":"ar","@id":"https:\/\/trustcrypt.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4c36ff3376565a0f4981e9397667feb08d5e09acacce32a52ea4a3f628e03692?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4c36ff3376565a0f4981e9397667feb08d5e09acacce32a52ea4a3f628e03692?s=96&d=mm&r=g","caption":"Trustscrypt"},"sameAs":["http:\/\/trustcrypt.com"],"url":"https:\/\/trustcrypt.com\/ar\/author\/trustscrypt\/"}]}},"_links":{"self":[{"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/posts\/830","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/comments?post=830"}],"version-history":[{"count":0,"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/posts\/830\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/media\/831"}],"wp:attachment":[{"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/media?parent=830"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/categories?post=830"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/tags?post=830"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}