Server-Side Request Forgery in SolarWinds Platform
CVE-2024-52606

9.8CRITICAL

Key Information:

Vendor: Solarwinds
Status: Solarwinds
Vendor: CVE Published:; 11 February 2025

Summary

The SolarWinds Platform is susceptible to a server-side request forgery vulnerability due to inadequate input sanitation. This flaw enables malicious actors to craft deceptive web requests, potentially leading to unauthorized access to internal services and sensitive data leakage. Users are advised to review their configuration and update to the latest version to mitigate this risk.

Affected Version(s)

SolarWinds Windows 2024.4.1 and previous versions

References

https://documentation.solarwinds.com/en/success_center/or...

https://www.solarwinds.com/trust-center/security-advisori...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Nov 14, 2024

Credit

Anonymous working with Trend Micro Zero Day Initiative