Data Breaches

SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

May 7, 2025

Cybersecurity researchers have disclosed multiple security flaw in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges.
The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, have all been described as XML External Entity (XXE) injections, which occur when an attacker is

Subscribe to HackenPost

Get notified of the latest updates from Hackenpost.

Data Breaches

Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection

May 7, 2025

Data Breaches

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

May 7, 2025

Hand-Picked Top-Read Stories

Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack

Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code

Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization

Trending Tags

SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

Leave a Reply Cancel reply

Subscribe to HackenPost

Previous Post

Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection

Next Post

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack

Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code

Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization

Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets

Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues

Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub

Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN

SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

Leave a Reply Cancel reply

Subscribe to HackenPost

Previous Post

Next Post

Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub

Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN

Related Posts