Critical vulnerabilities discovered in SysAid's on-premises IT support software
💥 Vulnerability: XML External Entity (XXE) injections that can lead to remote code execution (RCE)
⚠️ Impact: Retrieval of sensitive files, full admin access, and arbitrary code execution, risking data breaches and system compromises.
🔍 CVEs: CVE-2025-2775, CVE-2025-2776, CVE-2025-2777, CVE-2025-2778
🔧 Remediation: Update to SysAid version 24.4.60 b16
#cybersecurity #SysAid #vulnerabilitymanagement
https://thehackernews.com/2025/05/sysaid-patches-4-critical-flaws.html