SysAid has addressed three critical XML External Entity (XXE) injection vulnerabilities—CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777—in its on-premises IT support software. These flaws could be exploited to achieve pre-authenticated remote code execution and escalate privileges, posing significant risks to affected systems. Users are advised to update their installations promptly.

‍