Server-Side Request Forgery in SolarWinds Platform
CVE-2024-52606

3.5LOW

Key Information:

Vendor: Solarwinds
Status: Solarwinds
Vendor: CVE Published:; 11 February 2025

Summary

The SolarWinds Platform is susceptible to a server-side request forgery vulnerability due to inadequate input sanitation. This flaw enables malicious actors to craft deceptive web requests, potentially leading to unauthorized access to internal services and sensitive data leakage. Users are advised to review their configuration and update to the latest version to mitigate this risk.

Affected Version(s)

SolarWinds Windows 2024.4.1 and previous versions

References

https://documentation.solarwinds.com/en/success_center/or...

https://www.solarwinds.com/trust-center/security-advisori...

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Nov 14, 2024

Credit

Anonymous working with Trend Micro Zero Day Initiative