CVE Alert: CVE-2025-2776 - SysAid - SysAid On-Prem - RedPacket Security

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality,

RedPacket Security
CVE Alert: CVE-2025-2775 - SysAid - SysAid On-Prem - RedPacket Security

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality,

RedPacket Security

Critical vulnerabilities discovered in SysAid's on-premise IT support software

💥 Vulnerability: XML External Entity (XXE) injections that can lead to RCE

⚠️ Impact: Retrieval of sensitive files, full admin access, and arbitrary code execution, risking data breaches and system compromises.

🔍 CVEs: CVE-2025-2775, CVE-2025-2776, CVE-2025-2777, CVE-2025-2778

🔧 Remediation: Update to SysAid version 24.4.60 b16

#cybersecurity #SysAid #vulnerabilitymanagement

https://thehackernews.com/2025/05/sysaid-patches-4-critical-flaws.html

SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

SysAid fixed 4 critical pre-auth flaws in March 2025; chained bugs allow full admin access and RCE.

The Hacker News

#BSI WID-SEC-2025-0981: [NEW] [high] ##SysAid #Technologies #Ltd SysAid: Multiple vulnerabilities allow disclosure of information

A remote, anonymous attacker can exploit multiple vulnerabilities in SysAid Technologies Ltd SysAid to disclose information.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0981

Warn- und Informationsdienst

SysAid zero-day exploited by Clop ransomware group

Microsoft spotted the exploitation of a SysAid zero-day vulnerability in limited attacks carried out by the Lace Tempest group.

Security Affairs

Technical details & IoCs for the vulnerability in the SysAid On-prem management software, CVE-2023-47246, in this security incident response write-up
👇
https://profero.io/posts/sysaidonpremvulnerability/

------------
if sophos 😱 🏃‍♂️ 💨
👇
$bp = 0                                    # number of matching Sophos process lines found
foreach ($s in tasklist) {                 # walk the lines of tasklist output
    if ($s -match '^(Sophos).*\.exe\s') { echo $s; $bp++ }   # image name starts with "Sophos"
}
if ($bp) { echo "`nSTOP-PROCs FOUND! Exiting`n" }
------------

#Cyberveille #SysAid

SysAid On-Prem Vulnerability Disclosure

Written by Sasha Shapirov CTO @ SysAid & Profero Incident Response Team

The write-up for our observations and a bit about the POCs the @huntress team got working for the #SysAid #0day used by #clop #cl0p

Awesome work by @JohnHammond Matt Kiely and others

#dfir

https://www.huntress.com/blog/critical-vulnerability-sysaid-cve-2023-47246

Critical Vulnerability: SysAid CVE-2023-47246

Huntress has analyzed the emerging SysAid CVE-2023-47246 vulnerability and recreated the attack chain with a proof-of-concept exploit.

This was a fun one! Great work by @JohnHammond and the rest of the @huntress crew!

#dfir #malware #clop #CL0P #SysAid

Following the exploitation of the vulnerability, Lace Tempest used the compromised SysAid software to issue commands for delivering a malware loader associated with the Gracewire malware.

#Cybersecurity #Vulnerability #Exploit #ZeroDay #SysAid

https://cybersec84.wordpress.com/2023/11/09/critical-lace-tempest-exploits-sysaid-zero-day-vulnerability/

Critical: Lace Tempest Exploits SysAid Zero-Day Vulnerability

Microsoft has identified the threat actor known as Lace Tempest as the culprit behind the exploitation of a zero-day vulnerability in SysAid IT support software in targeted attacks. Lace Tempest, p…

CyberSec84 | Cybersecurity news.

Clop is back, now exploiting a new zero-day in SysAid IT support software. A patch has been released for CVE-2023-47246

#SysAid #MoveIt #Clop

https://therecord.media/clop-ransomware-gang-targets-new-zero-day

Ransomware gang behind MOVEit attacks are targeting new zero-day, Microsoft says

The Russian ransomware gang behind the exploitation of several popular file transfer tools is now exploiting a new vulnerability in SysAid IT support software, according to a new report.