Vulnerability Management, Patch/Configuration Management, Threat Intelligence

CISA: Attacks leveraging SysAid flaws ongoing

(Adobe Stock)

BleepingComputer reports that vulnerable SysAid IT service management software instances impacted by the unauthenticated XML External Entity bugs, tracked as CVE-2025-2775 and CVE-2025-2776, were noted by the Cybersecurity and Infrastructure Security Agency to be subjected to ongoing intrusions.

Federal agencies should remediate the security issues, which could be leveraged to facilitate admin account takeovers and sensitive data compromise, by August 22, according to CISA, which has already added the bugs in its Known Exploited Vulnerabilities catalog. Additional details regarding the attacks involving the SysAid flaws were not provided but the agency emphasized that there has been no indication of their usage in ransomware incidents. Meanwhile, threat actors could compromise at least 59 internet-exposed SysAid instances, most of which are in North America and Europe, findings from The Shadowserver Foundation revealed. Attacks involving the SysAid flaw, tracked as CVE-2023-47246, had been conducted by the FIN11 cybercrime operation to facilitate Clop ransomware compromise two years ago.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds