9.8

CVE-2025-26399

Warnung

Medienbericht

EPSS 32.24%
Veröffentlicht 23.09.2025 05:15:35
Zuletzt bearbeitet 10.03.2026 13:11:15
Quelle psirt@solarwinds.com
CVE-Watchlists
Login
Unerledigt
Login

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 1 Referenzen 12

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Solarwinds ≫ Web Help Desk Version <= 12.8.6

Solarwinds ≫ Web Help Desk Version12.8.7 Update-

09.03.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

Schwachstelle

SolarWinds Web Help Desk contain a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	32.24%	0.968

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@solarwinds.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://www.bleepingcomputer.com/news/security/payouts-king-ransomware-uses-qemu-vms-to-bypass-endpoint-security/

Medienbericht

Bleeping Computer

17.04.2026 21:25

https://thehackernews.com/2026/03/cisa-flags-solarwinds-ivanti-and.html

Medienbericht

TheHackersNews

17.03.2026 22:20

https://www.heise.de/news/Angriffswarnung-fuer-Ivanti-Endpoint-Manager-SolarWinds-Web-Help-Desk-und-mehr-11204908.html

Medienbericht

heise Security

10.03.2026 08:32

https://www.heise.de/news/Jetzt-patchen-Abermals-Attacken-auf-SolarWinds-Web-Help-Desk-beobachtet-11170887.html

Medienbericht

heise Security

10.02.2026 09:46

https://www.heise.de/news/Sicherheitspatch-fuer-SolarWinds-Web-Help-Desk-abermals-repariert-10668445.html

Medienbericht

heise Security

24.09.2025 13:36

https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm

Release Notes

https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26399

Patch

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-26399

US Government Resource

https://www.microsoft.com/en-us/security/blog/2026/02/06/active-exploitation-solarwinds-web-help-desk/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-26399

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-26399

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-26399

EUVD