Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

SysAid On-Prem Unauthenticated XML External Entity Vulnerability Leading to Administrator Account Takeover

Vulnerability

A vulnerability allowing unauthenticated XML External Entity (XXE) injection has been identified in SysAid On-Prem versions through 23.3.40. The flaw lies in the MDM check-in processing functionality (the '/mdm/checkin' endpoint) and can be exploited to read sensitive files from the server and take over administrator accounts.

Impact

Exploitation of this vulnerability allows for unauthorized access to administrator accounts, potentially leading to full control over the SysAid application.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/mdm/checkin' endpoint with a crafted XML payload that includes a DTD reference to an external entity. This external entity can be used to read local files on the server. After successfully exploiting the XXE vulnerability to exfiltrate the 'InitAccount.cmd' file, which contains the plaintext password of the main administrator, this credential can be used to log in as an admin.

Remediation

Users are advised to update to SysAid On-Prem version 24.4.60 or later, where this vulnerability has been patched.
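The two controls a defender wants around an endpoint like the one described above are (1) a gate that rejects any XML carrying a DOCTYPE or ENTITY declaration before it reaches the parser, since a device check-in never legitimately needs a DTD, and (2) a parser configured so that external entities are not resolved even if something slips past the gate. The following is an added Python example written for this page; it is not SysAid's code, and the request shapes, the function names `contains_dtd`, `parse_checkin_safely` and `flag_requests`, and the sample bodies are all constructed assumptions. The second sample body uses the canonical external-entity shape with a placeholder file path so the gate can be exercised offline.

```python
import io
import re
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges, feature_external_pes

# Any DOCTYPE or ENTITY declaration is a hard reject: a device check-in
# document has no legitimate reason to define a DTD.
DOCTYPE_RE = re.compile(rb"<!\s*(DOCTYPE|ENTITY)\b", re.IGNORECASE)


def contains_dtd(body: bytes) -> bool:
    """True if the XML body declares a DTD or an entity."""
    return DOCTYPE_RE.search(body) is not None


class _ElementCollector(ContentHandler):
    """Minimal SAX handler that records element names in document order."""

    def __init__(self) -> None:
        super().__init__()
        self.elements: list[str] = []

    def startElement(self, name, attrs) -> None:
        self.elements.append(name)


def parse_checkin_safely(body: bytes) -> list[str]:
    """Parse a check-in body with external entity resolution disabled.

    Raises ValueError if the body carries a DTD at all; otherwise returns the
    element names seen, which is enough to show the parser accepted it.
    """
    if contains_dtd(body):
        raise ValueError("DTD or entity declarations are not permitted in check-in XML")
    parser = xml.sax.make_parser()
    # Belt and braces: even if a DTD reached the parser, do not fetch
    # external general or parameter entities (no file:// or http:// lookups).
    parser.setFeature(feature_external_ges, False)
    parser.setFeature(feature_external_pes, False)
    handler = _ElementCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(body))
    return handler.elements


def flag_requests(requests: list[tuple[str, str, bytes]]) -> list[int]:
    """Return the indices of (method, path, body) tuples that look like XXE
    attempts against the check-in endpoint: a POST to /mdm/checkin whose body
    carries a DTD. Intended for a WAF rule or a request-log review."""
    flagged = []
    for i, (method, path, body) in enumerate(requests):
        if method.upper() == "POST" and path.startswith("/mdm/checkin") and contains_dtd(body):
            flagged.append(i)
    return flagged


# Constructed sample traffic (not real SysAid requests).
BENIGN_BODY = b'<?xml version="1.0"?><checkin><udid>constructed-device-1</udid></checkin>'
DTD_BODY = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE checkin [<!ENTITY ext SYSTEM "file:///PLACEHOLDER_PATH">]>'
    b"<checkin><udid>&ext;</udid></checkin>"
)
SAMPLE_REQUESTS = [
    ("POST", "/mdm/checkin", BENIGN_BODY),
    ("POST", "/mdm/checkin", DTD_BODY),
    ("GET", "/mdm/checkin", b""),
    ("POST", "/other", DTD_BODY),
]

if __name__ == "__main__":
    print("flagged request indices:", flag_requests(SAMPLE_REQUESTS))
    print("benign elements:", parse_checkin_safely(BENIGN_BODY))
    try:
        parse_checkin_safely(DTD_BODY)
    except ValueError as exc:
        print("rejected:", exc)
```

The gate runs on raw bytes before any XML processing, so it costs nothing when the document is well-formed and cannot itself be bypassed by entity tricks. The parser features are the Python SAX equivalents of disabling external general and parameter entities; the same settings exist for the Java parsers (`disallow-doctype-decl`, `external-general-entities`, `external-parameter-entities`) that a Tomcat application would use, and switching them off is the standard hardening step alongside applying the vendor patch.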

Added: Jun 9, 2025, 7:46 PM
Updated: Jul 22, 2025, 5:38 PM

Vulnerability Rating

Custom Algorithm

spread          4.5
impact          3.3
exploitability  9.4
remediation     7.7
relevance       0.0
threat          9.4
urgency         2.9
incentive      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.