SolarWinds Fixes Critical RCE Flaw in Web Help Desk
SolarWinds has addressed a critical remote code execution (RCE) vulnerability in its Web Help Desk software. The high-severity flaw, tracked as CVE-2025-26399, affects all versions up to 12.8.7 and can be exploited for code execution or data manipulation. Users are urged to install the hotfixes immediately.
The vulnerability, a deserialization of untrusted data issue, allows unauthenticated RCE via AjaxProxy deserialization. This means attackers can execute arbitrary commands on vulnerable systems. The flaw is a patch bypass of two previous vulnerabilities, CVE-2024-28988 and CVE-2024-28986.
SolarWinds has not found any evidence that the vulnerability is being actively exploited in attacks. However, they recommend users install the hotfixes as soon as possible to prevent potential exploitation. The exact public disclosure date and the discoverer of the vulnerability are not specified.
The critical RCE vulnerability in SolarWinds Web Help Desk, CVE-2025-26399, has been fixed with hotfixes. Users should prioritize installing these updates to secure their systems. The vulnerability, if exploited, could have severe consequences, including unauthorized access and data manipulation.