{"vulnerability": "CVE-2025-2777", "sightings": [{"uuid": "3dd05f75-b811-4070-b3d8-5286a27324aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27773", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114145527842239250", "content": "", "creation_timestamp": "2025-03-11T19:48:53.244669Z"}, {"uuid": "8bc942e3-2a0f-4455-b496-4cd45b088f13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27773", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lk4wr74mhb2n", "content": "", "creation_timestamp": "2025-03-11T20:46:20.562521Z"}, {"uuid": "e2607926-618c-43c7-9425-db60db863d47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lpcwgj63762n", "content": "", "creation_timestamp": "2025-05-16T21:02:22.106658Z"}, {"uuid": "36a798f0-106f-4075-8b36-76f11fb591f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27776", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkri2jhh4j2w", "content": "", "creation_timestamp": "2025-03-20T00:49:03.492004Z"}, {"uuid": "56a4ce88-8094-4cb8-a66d-b1816a09979c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27774", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkri2jkrbo2h", "content": "", "creation_timestamp": "2025-03-20T00:49:04.107238Z"}, {"uuid": "438b1add-5dd4-459f-af75-68526a377fb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27779", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkri2jo34k2j", "content": "", "creation_timestamp": "2025-03-20T00:49:04.668025Z"}, {"uuid": "373e37c8-e53d-491c-b4af-639ca09b07b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27778", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkri2jrj4i2n", "content": "", "creation_timestamp": "2025-03-20T00:49:05.244768Z"}, {"uuid": "bccc0d97-be7e-41c8-a5d0-a6047737fa0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27775", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkri2jvaw42m", "content": "", "creation_timestamp": "2025-03-20T00:49:05.848978Z"}, {"uuid": "dbcb8c7a-945c-4c67-a9ac-0cf224b52955", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27777", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkri2k7k4a26", "content": "", "creation_timestamp": "2025-03-20T00:49:07.526853Z"}, {"uuid": "bf699492-133e-4d61-a1eb-7f8bd15c4fc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-24)", "content": "", "creation_timestamp": "2025-06-24T00:00:00.000000Z"}, {"uuid": "ed22eb93-e527-452e-8172-d06bdd67fc49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "seen", "source": "https://infosec.exchange/users/shadowserver/statuses/114466967388160257", "content": "", "creation_timestamp": "2025-05-07T14:15:11.651271Z"}, {"uuid": "71114729-c3b6-4d28-8e93-0a31c56478aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "seen", "source": "https://bsky.app/profile/shadowserver.bsky.social/post/3lolll3ln2k2p", "content": "", "creation_timestamp": "2025-05-07T14:16:50.714404Z"}, {"uuid": "bfaa421b-3028-44a7-a514-8e052ad078ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "seen", "source": "https://bsky.app/profile/shadowserver.bsky.social/post/3lolll4zukc2p", "content": "", "creation_timestamp": "2025-05-07T14:16:52.051852Z"}, {"uuid": "b38b8e9b-5b91-4465-9ef3-b41adf938f33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "seen", "source": "https://bsky.app/profile/shadowserver.bsky.social/post/3lolll4zwis2p", "content": "", "creation_timestamp": "2025-05-07T14:16:53.387152Z"}, {"uuid": "86422732-ec39-4982-8aaf-35f16f214e7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114467330819942836", "content": "", "creation_timestamp": "2025-05-07T15:47:36.213732Z"}, {"uuid": "2295c4fa-cc5d-4dbd-bb01-2bd5c75ef606", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "seen", "source": "https://thehackernews.com/2025/05/sysaid-patches-4-critical-flaws.html", "content": "", "creation_timestamp": "2025-05-07T09:31:00.000000Z"}, {"uuid": "ce9faced-c2a5-4d3e-a0d8-b2b66e4f949c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3lom6jcwn542q", "content": "", "creation_timestamp": "2025-05-07T19:55:48.565467Z"}, {"uuid": "9cc53bc9-40d9-402e-8018-a26b132b4311", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lowe3uhbet2r", "content": "", "creation_timestamp": "2025-05-11T21:02:20.695579Z"}, {"uuid": "9f650c4e-43f6-4fa2-8b5d-50d40dc5fb13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "seen", "source": "https://mstdn.ca/users/rfwaveio/statuses/114472197786505302", "content": "", "creation_timestamp": "2025-05-08T12:25:23.761880Z"}, {"uuid": "b0aab9e6-7a0a-4698-9cb1-f4cbe038415b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-2777.yaml", "content": "", "creation_timestamp": "2025-05-10T14:15:02.000000Z"}, {"uuid": "42a68545-de85-4bed-a745-5400bfae3284", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27778", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-12T13:33:27.000000Z"}, {"uuid": "26feaef9-d12e-4032-b18e-23cd727368c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "seen", "source": "MISP/e0a0042d-e47b-4875-b781-99d4428af3c2", "content": "", "creation_timestamp": "2025-09-09T20:51:36.000000Z"}, {"uuid": "f09af0be-919c-4cd7-8547-01efc3bc8aa5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27778", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-21T03:19:26.000000Z"}, {"uuid": "c9533b1e-10c7-4eb4-8bf4-dd8dd97a055a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "seen", "source": "https://infosec.exchange/users/DarkWebInformer/statuses/115424694369254779", "content": "", "creation_timestamp": "2025-10-23T17:37:45.837502Z"}, {"uuid": "4228eaa6-0498-4a96-a85a-e1c493d0e1c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27773", "type": "seen", "source": "https://t.me/cvedetector/20127", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27773 - SimpleSAMLphp SAML2 Signature Confusion Attack\", \n  \"Content\": \"CVE ID : CVE-2025-27773 \nPublished : March 11, 2025, 7:15 p.m. | 1\u00a0hour, 11\u00a0minutes ago \nDescription : The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. Versions 4.17.0 and 5.0.0-alpha.20 contain a fix for the issue. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T21:48:56.000000Z"}, {"uuid": "f8d49207-042a-4e51-9411-a1b534f9ac82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27773", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15837", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27773\n\ud83d\udd25 CVSS Score: 8.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N)\n\ud83d\udd39 Description: The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. Versions 4.17.0 and 5.0.0-alpha.20 contain a fix for the issue.\n\ud83d\udccf Published: 2025-03-11T19:04:52.135Z\n\ud83d\udccf Modified: 2025-05-09T20:03:38.107Z\n\ud83d\udd17 References:\n1. https://github.com/simplesamlphp/saml2/security/advisories/GHSA-46r4-f8gj-xg56\n2. https://github.com/simplesamlphp/saml2/commit/7867d6099dc7f31bed1ea10e5bea159c5623d2a0\n3. https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L104-L113\n4. https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L178-L217", "creation_timestamp": "2025-05-09T20:26:09.000000Z"}, {"uuid": "b1ca9a43-b46f-4134-81e0-76fb2b5f9fad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "seen", "source": "https://t.me/cKure/14634", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Cybersecurity researchers have disclosed multiple security flaw in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges.\n\nThe vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, have all been described as XML External Entity (XXE) injections, which occur when an attacker is able to successfully interfere with an application's parsing of XML input.\n\nThis, in turn, could permit attackers to inject unsafe XML entities into the web application, allowing them to carry out a Server-Side Request Forgery (SSRF) attack and in worst cases, remote code execution.\n\nhttps://thehackernews.com/2025/05/sysaid-patches-4-critical-flaws.html", "creation_timestamp": "2025-05-07T15:21:03.000000Z"}, {"uuid": "485e9539-2adb-4205-9165-271690086af4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27773", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7223", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27773\n\ud83d\udd25 CVSS Score: 8.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N)\n\ud83d\udd39 Description: The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. Versions 4.17.0 and 5.0.0-alpha.20 contain a fix for the issue.\n\ud83d\udccf Published: 2025-03-11T19:04:52.135Z\n\ud83d\udccf Modified: 2025-03-11T19:27:00.852Z\n\ud83d\udd17 References:\n1. https://github.com/simplesamlphp/saml2/security/advisories/GHSA-46r4-f8gj-xg56\n2. https://github.com/simplesamlphp/saml2/commit/7867d6099dc7f31bed1ea10e5bea159c5623d2a0\n3. https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L104-L113\n4. https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L178-L217", "creation_timestamp": "2025-03-11T20:21:09.000000Z"}, {"uuid": "ce4a6469-2168-4173-81c8-9cb5bd11ad98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27775", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8261", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27775\n\ud83d\udd25 CVSS Score: 8.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in `model_download.py` (line 143 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the server itself or on other back-end systems on the internal network, that the Applio server can reach. The file write allows for writing files on the server, which can be coupled with other vulnerabilities, for example an unsafe deserialization, to achieve remote code execution on the Applio server. As of time of publication, no known patches are available.\n\ud83d\udccf Published: 2025-03-19T20:42:47.335Z\n\ud83d\udccf Modified: 2025-03-20T19:09:55.498Z\n\ud83d\udd17 References:\n1. https://securitylab.github.com/advisories/GHSL-2024-341_GHSL-2024-353_Applio/\n2. https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/assets/flask/routes.py#L14\n3. https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/rvc/lib/tools/model_download.py#L156\n4. https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/rvc/lib/tools/model_download.py#L169-L171\n5. https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/tabs/download/download.py#L192-L196", "creation_timestamp": "2025-03-20T19:18:22.000000Z"}, {"uuid": "18986f4b-b609-4f50-88f0-23a852dd5429", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27776", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8260", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27776\n\ud83d\udd25 CVSS Score: 8.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in `model_download.py` (line 240 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the server itself or on other back-end systems on the internal network, that the Applio server can reach. The blind SSRF can also be coupled with the arbitrary file read CVE-2025-27784 to read files from hosts on the internal network, that the Applio server can reach, which would make it a full SSRF. The file write allows for writing files on the server, which can be coupled with other vulnerabilities, for example an unsafe deserialization, to achieve remote code execution on the Applio server. As of time of publication, no known patches are available.\n\ud83d\udccf Published: 2025-03-19T20:42:38.780Z\n\ud83d\udccf Modified: 2025-03-20T19:10:17.135Z\n\ud83d\udd17 References:\n1. https://securitylab.github.com/advisories/GHSL-2024-341_GHSL-2024-353_Applio/\n2. https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/assets/flask/routes.py#L14\n3. https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/rvc/lib/tools/model_download.py#L240\n4. https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/tabs/download/download.py#L192-L196", "creation_timestamp": "2025-03-20T19:18:21.000000Z"}, {"uuid": "a0a20a59-8345-4452-85ea-b48c4b84acd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "published-proof-of-concept", "source": "https://t.me/cybersecplayground/198", "content": "\ud83d\udd34 CVE-2025-2777 \u2014 SysAid On-Prem \u2264 23.3.40 - XXE Vulnerability\n\ud83e\udde8 Critical Impact \u2014 CVSS 9.3\n\ud83d\udcc5 Published: May 10, 2025\n\n\ud83d\udea8 A severe unauthenticated XML External Entity (XXE) vulnerability has been discovered in SysAid On-Prem (\u2264 v23.3.40), specifically within its lshw hardware info parsing functionality.\n\n\ud83e\ude78 Vulnerability Summary\nAttackers can abuse this XXE flaw to:\n\n- Read arbitrary files on the filesystem\n- Extract sensitive data (e.g., configuration files)\n- Potentially escalate privileges or gain admin access on the server\n\nThe vulnerability requires no authentication, making it a high-priority threat to exposed instances.\n\n\ud83d\udee0 Affected Product\nSysAid On-Prem versions \u2264 23.3.40\n\n\ud83d\udd27 Patched Version\nUpgrade to the latest release from:\n\ud83d\udd17 SysAid Docs - Version Info\n\n\ud83d\udca5 Real-World Exploitation Example \n\u26a1\ufe0f Proof-of-concept exploitation (from WatchTowr Labs):\n\u26a1\ufe0f A crafted XML payload submitted to the lshw endpoint can leak /etc/passwd or internal credentials.\n\u26a1\ufe0fUsed as a pivot to gain admin session access.\n\n\ud83d\udd0d Read full technical write-up:\n\ud83d\udd17 https://labs.watchtowr.com\n\n\ud83d\udd0e Detection Tip\nSearch for exposed SysAid panels:\n\nintitle:\"SysAid\" && \"helpdesk\"\nUse network scanners to monitor outbound XML-related traffic or unusual DNS queries triggered by XXE payloads.\n\n\u26a0\ufe0f Mitigation\n\ud83d\udd38 Patch immediately\n\ud83d\udd38 Restrict external access to the SysAid panel\n\ud83d\udd38Monitor for unusual HTTP POSTs to /lshw or similar paths\n\n\ud83d\udd10 Stay ahead with real-time CVE alerts and PoCs.\nJoin us at @cybersecplayground for more vulnerability posts, scanners, and defense tactics.\n\n\ud83e\udde0 Like + Share to raise awareness.\n\n#CVE2025_2777 #SysAid #XXE #RCE #Exploit #infosec #CyberSecurity #ZeroDay #CVE #cybersecplayground", "creation_timestamp": "2025-05-11T14:06:16.000000Z"}, {"uuid": "bd602e2b-ff8b-4b6f-b305-464ce431c221", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27774", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8165", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-27774\n\ud83d\udd25 CVSS Score: 8.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in `model_download.py` (line 156 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the server itself or on other back-end systems on the internal network, that the Applio server can reach. The blind SSRF can also be coupled with the an arbitrary file read (e.g., CVE-2025-27784) to read files from hosts on the internal network, that the Applio server can reach, which would make it a full SSRF. The file write allows for writing files on the server, which can be coupled with other vulnerabilities, for example an unsafe deserialization, to achieve remote code execution on the Applio server. As of time of publication, no known patches are available.\n\ud83d\udccf Published: 2025-03-19T20:42:56.129Z\n\ud83d\udccf Modified: 2025-03-19T20:42:56.129Z\n\ud83d\udd17 References:\n1. https://securitylab.github.com/advisories/GHSL-2024-341_GHSL-2024-353_Applio/\n2. https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/assets/flask/routes.py#L14\n3. https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/rvc/lib/tools/model_download.py#L143\n4. https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/rvc/lib/tools/model_download.py#L147-L148\n5. https://github.com/IAHispano/Applio/blob/29b4a00e4be209f9aac51cd9ccffcc632dfb2973/tabs/download/download.py#L192-L196", "creation_timestamp": "2025-03-19T21:18:41.000000Z"}, {"uuid": "8eb83d2c-82c9-4efd-b217-fe32d1dc8dde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "exploited", "source": "Telegram/DKd2Gqws_szvlbVH567RCL0Q0RIZDQSoU0Q0rK7xOEDSxsg", "content": "", "creation_timestamp": "2025-10-26T04:57:35.000000Z"}, {"uuid": "bb09b51b-e1fd-4520-99ac-6c3c1ca4b166", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "exploited", "source": "Telegram/WuywlTA2prep3738D0ZdlY2l1dxkLscKbaCFO22me4a6aig", "content": "", "creation_timestamp": "2025-10-26T04:57:32.000000Z"}, {"uuid": "4fd58a50-2549-4bff-b451-bb7543304f01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "published-proof-of-concept", "source": "https://t.me/cybersecplayground/199", "content": "Nuclei Template : \nhttps://cloud.projectdiscovery.io/library/CVE-2025-2777", "creation_timestamp": "2025-05-11T14:07:50.000000Z"}, {"uuid": "7bc829b6-7300-4348-a1f2-5cbae1392d34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27779", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/20680", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27779 - Applio Voice Conversion Tool Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27779 \nPublished : March 19, 2025, 9:15 p.m. | 16\u00a0minutes ago \nDescription : Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in `model_blender.py` lines 20 and 21. `model_fusion_a` and `model_fusion_b` from voice_blender.py take user-supplied input (e.g. a path to a model) and pass that value to the `run_model_blender_script` and later to `model_blender` function, which loads these two models with `torch.load` in `model_blender.py (on lines 20-21 in 3.2.8-bugfix), which is vulnerable to unsafe deserialization. The issue can lead to remote code execution. A patch is available on the `main` branch of the Applio repository. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T23:00:33.000000Z"}, {"uuid": "224e42f2-918a-46e8-8940-9cdfc0bdc091", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27778", "type": "seen", "source": "https://t.me/cvedetector/20679", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27778 - Applio Voice Conversion Tool Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27778 \nPublished : March 19, 2025, 9:15 p.m. | 16\u00a0minutes ago \nDescription : Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in `infer.py`. The issue can lead to remote code execution. As of time of publication, a fix is available on the `main` branch of the Applio repository but not attached to a numbered release. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T23:00:32.000000Z"}, {"uuid": "bba817c6-3c0a-4323-bf3a-5924ba8e474f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27777", "type": "seen", "source": "https://t.me/cvedetector/20678", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27777 - Applio Voice Conversion Tool SSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27777 \nPublished : March 19, 2025, 9:15 p.m. | 16\u00a0minutes ago \nDescription : Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) in `model_download.py` (line 195 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the server itself or on other back-end systems on the internal network, that the Applio server can reach. The blind SSRF can also be coupled with a arbitrary file read (e.g., CVE-2025-27784) to read files from hosts on the internal network, that the Applio server can reach, which would make it a full SSRF. As of time of publication, no known patches are available. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T23:00:29.000000Z"}, {"uuid": "40dff349-f5e8-4d8f-9652-a2ecd4e12d67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27775", "type": "seen", "source": "https://t.me/cvedetector/20677", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27775 - Applio Voice Conversion Tool SSRF and Remote File Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27775 \nPublished : March 19, 2025, 9:15 p.m. | 16\u00a0minutes ago \nDescription : Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in `model_download.py` (line 143 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the server itself or on other back-end systems on the internal network, that the Applio server can reach. The file write allows for writing files on the server, which can be coupled with other vulnerabilities, for example an unsafe deserialization, to achieve remote code execution on the Applio server. As of time of publication, no known patches are available. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T23:00:28.000000Z"}, {"uuid": "b9c4e538-afe8-4d32-a24c-af7eb82ec7d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27776", "type": "seen", "source": "https://t.me/cvedetector/20683", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27776 - Applio Voice Conversion Tool SSRF and File Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27776 \nPublished : March 19, 2025, 9:15 p.m. | 16\u00a0minutes ago \nDescription : Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in `model_download.py` (line 240 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the server itself or on other back-end systems on the internal network, that the Applio server can reach. The blind SSRF can also be coupled with the arbitrary file read CVE-2025-27784 to read files from hosts on the internal network, that the Applio server can reach, which would make it a full SSRF. The file write allows for writing files on the server, which can be coupled with other vulnerabilities, for example an unsafe deserialization, to achieve remote code execution on the Applio server. As of time of publication, no known patches are available. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T23:00:36.000000Z"}, {"uuid": "53dd8342-f251-46ff-ace1-b284a6b684e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27774", "type": "seen", "source": "https://t.me/cvedetector/20682", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-27774 - Applio Voice Conversion Tool Server-Side Request Forgery and File Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-27774 \nPublished : March 19, 2025, 9:15 p.m. | 16\u00a0minutes ago \nDescription : Applio is a voice conversion tool. Versions 3.2.7 and prior are vulnerable to server-side request forgery (SSRF) and file write in `model_download.py` (line 156 in 3.2.7). The blind SSRF allows for sending requests on behalf of Applio server and can be leveraged to probe for other vulnerabilities on the server itself or on other back-end systems on the internal network, that the Applio server can reach. The blind SSRF can also be coupled with the an arbitrary file read (e.g., CVE-2025-27784) to read files from hosts on the internal network, that the Applio server can reach, which would make it a full SSRF. The file write allows for writing files on the server, which can be coupled with other vulnerabilities, for example an unsafe deserialization, to achieve remote code execution on the Applio server. As of time of publication, no known patches are available. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-19T23:00:35.000000Z"}, {"uuid": "23f087ad-a2bd-4d18-b8af-798eb92fe276", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/3785", "content": "#exploit\nCVE-2025-2775 CVE-2025-2776 CVE-2025-2777 CVE-2025-2778\nSysOwned, Your Friendly Support Ticket - SysAid On-Premise Pre-Auth RCE Chain\n]-> https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/\n\n]-> https://github.com/watchtowrlabs/watchTowr-vs-SysAid-PreAuth-RCE-Chain", "creation_timestamp": "2025-05-10T02:44:20.000000Z"}, {"uuid": "c99a3d7b-d1a0-4e3c-92d6-19c0c2b7495c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-29)", "content": "", "creation_timestamp": "2026-04-29T00:00:00.000000Z"}, {"uuid": "df2068b2-c4a7-4414-a695-3cd566e14f61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "published-proof-of-concept", "source": "https://t.me/liwaamohammad/1962", "content": "https://github.com/watchtowrlabs/watchTowr-vs-SysAid-PreAuth-RCE-Chain\n\nPoC for SysAid PreAuth RCE Chain (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777, CVE-2025-2778)\n#github #exploit", "creation_timestamp": "2025-05-09T14:18:17.000000Z"}, {"uuid": "0c13a08f-8179-4fbc-8f15-4cde921313e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/9219", "content": "#exploit\nCVE-2025-2775 CVE-2025-2776 CVE-2025-2777 CVE-2025-2778\nSysOwned, Your Friendly Support Ticket - SysAid On-Premise Pre-Auth RCE Chain\n]-> https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/\n\n]-> https://github.com/watchtowrlabs/watchTowr-vs-SysAid-PreAuth-RCE-Chain", "creation_timestamp": "2025-05-10T02:44:20.000000Z"}, {"uuid": "8cd198c5-77c1-4533-870a-7cc40de01d01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "seen", "source": "Telegram/yUbNsI-bWNV2K8tTPh4C-hxM85C-hrLLt_kDH9pSKaydCw", "content": "", "creation_timestamp": "2025-05-07T15:16:23.000000Z"}, {"uuid": "0cace92a-0ea8-4744-a995-75d04f5a53df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27777", "type": "published-proof-of-concept", "source": "Telegram/HMG4VIRM9m-XCFs0EcofkvAyhAqbRpFenRbXfQ1LU4_Gb4E", "content": "", "creation_timestamp": "2025-03-19T23:33:40.000000Z"}, {"uuid": "548906ba-149a-426d-a9e7-5e132249c176", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-27778", "type": "published-proof-of-concept", "source": "Telegram/e8K6ei2MJobaYeBw9lEyjrqpWhjWmsfq7ceAEPONUHatpcs", "content": "", "creation_timestamp": "2025-03-19T23:33:39.000000Z"}, {"uuid": "9545de1e-e189-4b74-a27f-06df5d9a6ff0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "exploited", "source": "https://t.me/true_secator/7023", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 WatchTowr Labs \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0442\u0440\u0438 \u043e\u0448\u0438\u0431\u043a\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u041f\u041e \u0418\u0422-\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 SysAid.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043a\u0430\u043a CVE-2025-2775 \u0438 CVE-2025-2776 (\u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 XXE \u0432 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0435 /mdm/checkin), CVE-2025-2777 (\u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 XXE \u0432 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0435 /lshw).\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c watchTowr Labs, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043b\u0435\u0433\u043a\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u0430 POST \u043a \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u043c \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u043c \u0442\u043e\u0447\u043a\u0430\u043c.\n\n\u0423\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u043c \u0444\u0430\u0439\u043b\u0430\u043c \u0441 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f InitAccount.cmd, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e\u0431 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0438 \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u044b\u0439 \u043f\u0430\u0440\u043e\u043b\u044c.\n\n\u041f\u043e\u043b\u0443\u0447\u0438\u0432 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0431\u0435\u0437 \u0442\u0440\u0443\u0434\u0430 \u043c\u043e\u0436\u0435\u0442 \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a SysAid.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c XXE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u0434\u0440\u0443\u0433\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u041e\u0421, \u043e\u0442\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u043e\u0439 CVE-2025-2778, \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430.\n\n\u0412\u0441\u0435 \u0447\u0435\u0442\u044b\u0440\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b SysAid \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 24.4.60 b16 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 \u043c\u0430\u0440\u0442\u0430 2025 \u0433\u043e\u0434\u0430.\n\n\u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u0434\u0430\u0432\u043d\u044e\u044e \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0443 \u043d\u0430\u0446\u0435\u043b\u0438\u0432\u0430\u043d\u0438\u0435 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 SysAid\u00a0\u0441\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u044b \u0431\u0430\u043d\u0434 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 (\u0432 \u0447\u0438\u0441\u043b\u0435 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438\u0441\u044c Cl0p) \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u0438 PoC, \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u044f\u044e\u0449\u0435\u0433\u043e \u0432\u0441\u0435 \u0447\u0435\u0442\u044b\u0440\u0435\u00a0\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043d\u0430\u043a\u0430\u0442\u0438\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.", "creation_timestamp": "2025-05-12T17:15:08.000000Z"}, {"uuid": "46a25fc5-ec5f-4744-a891-653113f06023", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2777", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/12025", "content": "#exploit\nCVE-2025-2775 CVE-2025-2776 CVE-2025-2777 CVE-2025-2778\nSysOwned, Your Friendly Support Ticket - SysAid On-Premise Pre-Auth RCE Chain\n]-> https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/\n\n]-> https://github.com/watchtowrlabs/watchTowr-vs-SysAid-PreAuth-RCE-Chain", "creation_timestamp": "2025-05-10T00:52:20.000000Z"}]}