Immediate Action Required for On-Premise Users

SysAid has issued an urgent security patch for its On-Premise IT Service Management (ITSM) platform, addressing a newly discovered XML External Entity (XXE) vulnerability (CVE-2025-2775) affecting versions up to 23.3.40. This vulnerability, identified within the Checkin processing component, poses a significant risk of unauthorised access and potential data exposure.

At ITSM Connect, we consistently highlight the importance of integrating robust cybersecurity practices within ITSM strategies to ensure business resilience and continuity. SysAid’s swift response to this vulnerability underscores the critical need for proactive security management in today’s dynamic IT environments.

Organisations leveraging SysAid On-Premise are strongly advised to review their deployment and apply the latest patch without delay. Addressing vulnerabilities promptly not only protects sensitive data but also supports regulatory compliance and operational stability.

For detailed instructions on implementing this update, IT teams should consult the official SysAid release notes or reach out to their SysAid support representative. Proactive action is essential to maintain a secure, resilient ITSM environment.