🗓️ Live on June 17: The New Rules of Risk: EPSS v5 & Agentic Adversaries Register
runZero CAASM

On This Page:

  1. Latest SysAid Help Desk vulnerabilities
  2. Are updates available?
  3. How to find SysAid Help Desk with runZero
  4. November 2023: CVE-2023-47246
  5. Are updates available?
  6. How to find SysAid Help Desk with runZero

How to find SysAid Help Desk instances

HD Moore
Rob King
|
Updated

Latest SysAid Help Desk vulnerabilities #

On May 7th, Watchtowr disclosed multiple vulnerabilities in the SysAid Help Desk on-premises service management platform. These vulnerabilities, designated CVE-2025-2775CVE-2025-2776, and CVE-2025-2777, leverage how SysAid handles external XML references in user-supplied input. Successfully exploiting these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the vulnerable process.

These vulnerabilities have been assigned a CVSS score of 9.3 (critical). A proof-of-concept exploit has been published for these vulnerabilities.

Are updates available? #

SysAid has released Help Desk version 24.4.60 to address this issue.

How to find SysAid Help Desk with runZero #

SysAid Help Desk services can be found by navigating to the Software Inventory and using the following query:

vendor:="SysAid" AND product:"Help Desk"

Results from the above query should be triaged to determine if they require patching or vendor intervention.

November 2023: CVE-2023-47246 #

On the evening of November 8th Microsoft Threat Intelligence announced that they had discovered attacks by a ransomware gang against the SysAid Help Desk software using a zero-day exploit (CVE-2023-47246). These attacks leveraged a directory traversal vulnerability to upload a web shell and deliver the ransomware payload. SysAid has since published an advisory, complete with indicators of compromise, and made a patch available to customers. The Rapid7 blog has additional information about this issue.

Are updates available? #

SysAid Help Desk has released version 23.3.36 to address this issue.

How to find SysAid Help Desk with runZero #

SysAid Help Desk services can be found by navigating to the Service Inventory and using the following query:

_asset.protocol:{http} AND protocol:{http} AND (_service.favicon.ico.image.md5:="5f30870725d650d7377a134c74f41cfd" OR last.html.title:"SysAid")

Results from the above query should be triaged to determine if they require patching or vendor intervention.

As always, any prebuilt queries are available from your runZero console. Check out the documentation for other useful inventory queries.

Written by HD Moore

HD Moore is the founder and CEO of runZero. Previously, he founded the Metasploit Project and served as the main developer of the Metasploit Framework, which is the world's most widely used penetration testing framework.

More about HD Moore

Written by Rob King

Rob King is the Director of Applied Research at runZero. Over his career Rob has served as a senior researcher with KoreLogic, the architect for TippingPoint DVLabs, and helped get several startups off the ground. Rob helped design SC Magazine's Data Leakage Prevention Product of the Year for 2010, and was awarded the 3Com Innovator of the Year Award in 2009. He has been invited to speak at BlackHat, Shmoocon, SANS Network Security, and USENIX.

More about Rob King
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.

Explore more runZero

Product
Announcing runZero 4.9: Unmask attack paths and segmentation gaps with advanced topology and deep OT device intelligence
With runZero 4.9, visualize attacker lateral movement, harden network choke points, gain deep OT telemetry to secure converged environments, and more.
Read More
Webcasts
runZero Hour, Ep. 30: Segmentation - stop assuming & start verifying with runZero 4.9
See runZero 4.9 in action! Join HD Moore and Tod Beardsley to learn how interactive attack path mapping and advanced OT intelligence expose hidden...
Watch Now
Product Videos
runZero 4.9: Advanced topology, attack path mapping, & deep OT intelligence
With runZero 4.9, visualize attacker lateral movement, harden network choke points, gain deep OT telemetry to secure converged environments, and more.
Watch Now
runZero Perspective
Dawn of the apex agentic adversary
When agentic AI can weaponize exploits in seconds, visibility is everything. Stop the predator with runZero’s exposure management for the AI-attack...
Read More
Webcasts
Beyond the Zero-Day: Mapping the network attackers actually see
Breaches are inevitable. Learn from HD Moore how attackers exploit the seams between IT, IoT, and OT networks — and how to fix the segmentation...
Watch Now
Podcasts
Risky Biz Interview: Navigating the AI vibe shift with HD Moore
runZero Founder and CEO HD Moore drops by in this week's Risky Biz sponsor interview to talk about the concerning AI vibe shift and what to do...
Watch Now
Podcasts
From two weeks to three days: The KEV deadline debate
Former CISA insider Todd Beardsley joins Greg to reveal what it takes to land on the KEV catalog and why ultra-short patching deadlines might...
Listen Now
Solution Briefs
runZero for NIS2 compliance
You can’t secure what you can’t see. runZero provides the complete asset visibility and continuous reporting you need to satisfy strict NIS2...
Read More

See Results in Minutes

See & secure your total attack surface. Even the unknowns & unmanageable.

Try runZero for Free
runZero CAASM
© Copyright 2026 runZero, Inc. All Rights Reserved