BleepingComputer reports that vulnerable SysAid IT service management software instances impacted by the unauthenticated XML External Entity bugs, tracked as CVE-2025-2775 and CVE-2025-2776, were noted by the Cybersecurity and Infrastructure Security Agency to be subjected to ongoing intrusions.Federal agencies should remediate the security issues, which could be leveraged to facilitate admin account takeovers and sensitive data compromise, by August 22, according to CISA, which has already added the bugs in its Known Exploited Vulnerabilities catalog. Additional details regarding the attacks involving the SysAid flaws were not provided but the agency emphasized that there has been no indication of their usage in ransomware incidents. Meanwhile, threat actors could compromise at least 59 internet-exposed SysAid instances, most of which are in North America and Europe, findings from The Shadowserver Foundation revealed. Attacks involving the SysAid flaw, tracked as CVE-2023-47246, had been conducted by the FIN11 cybercrime operation to facilitate Clop ransomware compromise two years ago.
Vulnerability Management, Patch/Configuration Management, Threat Intelligence
CISA: Attacks leveraging SysAid flaws ongoing

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



