CVE-2025-2776

Beschreibung

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.

Schweregrad: CRITICAL

CVSS-Score: 9.3