NVD disclosure day

Published threat advisories for May 7, 2025

CVE advisory | Known Exploit

CVE-2025-35939

Craft CMS Arbitrary Code Execution Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

This vulnerability in Craft CMS allows unauthenticated users to inject arbitrary code into server-side session files. This could lead to unauthorized code execution, impacting systems and potentially exposing sensitive data. Organizations should prioritize applying vendor patches to mitigate this risk.

• CISA KEV

CVE advisory | Known Exploit

CVE-2025-2776

SysAid Server URL Vulnerability Allows Account Takeover

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

SysAid On-Prem software has a vulnerability in its server URL processing that could allow attackers to take over administrator accounts and read files. This poses a risk to organizations by potentially compromising sensitive data and business operations.

• CISA KEV

CVE advisory | Known Exploit

CVE-2025-2775

SysAid Vulnerable to Account Takeover and File Exposure.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in SysAid On-Prem software allows unauthorized access to administrator accounts and sensitive files. This impacts organizations by enabling attackers to gain control and expose internal information, posing a business risk.

• CISA KEV