Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution, enabling unauthenticated attackers to execute remote commands by exploiting several pre-auth XML External Entity (XXE) injection flaws. The vulnerabilities, registered as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, highlight systemic risks in widely-used IT Service Management platforms. SysAid ITSM On-Premise Plagued by Pre-Auth XXE […]

The post SysAid ITSM Vulnerabilities Enables Pre-Auth Remote Command Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Source: gbHackers
Source Link: https://gbhackers.com/sysaid-itsm-vulnerabilities/