SysAid: community verdicts
3 notable / known-exploited SysAid CVEs the community has triaged.
Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every SysAid CVE, see NVD.
- CVE-2023-47246 (CRIT 9.8, KEV, EPSS 99%)
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
- CVE-2025-2776 (CRIT 9.3, KEV, EPSS 73%)
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
- CVE-2025-2775 (CRIT 9.3, KEV, EPSS 55%)
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.