Broken Access Control in SolarWinds Service Desk
CVE-2025-26393

5.4MEDIUM

Key Information:

Vendor: Solarwinds
Status: Service Desk
Vendor: CVE Published:; 17 March 2025

Summary

SolarWinds Service Desk has a vulnerability that allows authenticated users to escalate their privileges. This broken access control issue enables unauthorized access to sensitive information and manipulation of data, potentially compromising the integrity of the system. It is crucial for users to ensure they apply the latest updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

Service Desk 01-28-2025

References

https://www.solarwinds.com/trust-center/security-advisori...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 17, 2025
Vulnerability Reserved
Feb 8, 2025

Credit

Seif Abdelwahid