CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF

July 23, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws impacting SysAid IT support software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities in question are listed below –

CVE-2025-2775 (CVSS score: 9.3) – An improper restriction of XML external entity (XXE) reference vulnerability in the

Source: Read More

Previous ArticleCISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks

Next Article Replit AI Agent Deletes Codebase and Lies About It — CEO Issues Apology

Highlights

CVE-2025-37886 – Linux Kernel PDS Core Use-After-Free Buffer Overflow

May 9, 2025

CVE ID : CVE-2025-37886

Published : May 9, 2025, 7:16 a.m. | 4 hours, 51 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

pds_core: make wait_context part of q_info

Make the wait_context a full part of the q_info struct rather
than a stack variable that goes away after pdsc_adminq_post()
is done so that the context is still available after the wait
loop has given up.

There was a case where a slow development firmware caused
the adminq request to time out, but then later the FW finally
finished the request and sent the interrupt. The handler tried
to complete_all() the completion context that had been created
on the stack in pdsc_adminq_post() but no longer existed.
This caused bad pointer usage, kernel crashes, and much wailing
and gnashing of teeth.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

Is Lenovo’s refreshed LOQ tower enough to compete? New OLED monitors raise the stakes at IFA 2025

External Forces Reshaping Financial Services in 2025 and Beyond

External Forces Reshaping Financial Services in 2025 and Beyond

Why It’s Time to Move from SharePoint On-Premises to SharePoint Online

Apple’s Big Move: The Future of Mobile

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF

How AI is Redefining Traditional GCC Cost Models for Peak Efficiency

How to Automate API Documentation Updates with GitHub Actions and OpenAPI Specifications

How Amazon Finance Automation built an operational data store with AWS purpose built databases to power critical finance applications

CVE-2025-7907 – Yangzongzhuan RuoYi Default Credential Vulnerability (Druid)

Give Your App a Voice: A Guide to Integrating AI Voice APIs

Razer has made one of the most insane wireless gaming mice EVER — even if it won’t be my next mouse

CVE-2025-37886 – Linux Kernel PDS Core Use-After-Free Buffer Overflow

CVE-2025-7029 – Intel Software SMI Handler Buffer Overflow Vulnerability

CVE-2025-4339 – WordPress TheGem Theme Unauthenticated Theme Option Update Vulnerability

Vector Search Embeddings and RAG

CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF

Related Posts