CVE-2025-26399

CRITICALCISA KEV

9.8

Description

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published9/23/2025

Last Modified3/10/2026

Sourcekev

Honeypot Sightings0

CISA KEV

VendorSolarWinds

ProductWeb Help Desk

Vulnerability NameSolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

KEV Date Added2026-03-09

Remediation Due Date2026-03-12

Ransomware UseUnknown

Affected Products

solarwinds:web_help_desk

Weaknesses (CWE)

CWE-502CWE-502

References

https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm(psirt@solarwinds.com)

https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26399(psirt@solarwinds.com)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-26399(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.microsoft.com/en-us/security/blog/2026/02/06/active-exploitation-solarwinds-web-help-desk/(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.