Remote Code Execution Vulnerability in SolarWinds Web Help Desk
CVE-2025-26399
Key Information:
- Vendor
Solarwinds
- Status
- Vendor
- CVE Published:
- 23 September 2025
Badges
What is CVE-2025-26399?
CVE-2025-26399 is a serious remote code execution vulnerability discovered in SolarWinds Web Help Desk, a software solution designed to streamline IT service management and enhance support ticket handling. This vulnerability stems from an unauthenticated deserialization issue within the AjaxProxy component, which enables attackers to execute arbitrary commands on the system hosting the Web Help Desk application. The vulnerability represents a significant security breach, particularly for organizations relying on SolarWinds for IT management, as it undermines the integrity and confidentiality of their IT operations. This flaw is classified as a patch bypass, being a subsequent exploit of earlier vulnerabilities (CVE-2024-28988 and CVE-2024-28986), indicating a troubling trend in software vulnerability persistence.
Potential impact of CVE-2025-26399
-
Unauthorized Access to System Controls: Attackers exploiting this vulnerability could gain unauthorized control over the host machine, enabling them to execute commands that may compromise sensitive data and system functionality, leading to severe operational disruptions.
-
Potential for Data Breaches: With remote code execution capabilities, threat actors could exfiltrate sensitive information or deploy malware, placing organizational data at significant risk. This could lead to financial implications, reputation damage, and the need for rigorous incident response measures.
-
Expansion of Attack Surface: Given that SolarWinds Web Help Desk is utilized in various IT environments, successful exploitation could serve as a launching point for further attacks within an organization’s network, amplifying the risk of a cyber incident that could affect multiple systems and data repositories.
Affected Version(s)
Web Help Desk 12.8.7 and below
News Articles
SolarWinds releases third patch to fix Web Help Desk RCE bug
SolarWinds has released a hotfix for a critical a critical vulnerability in Web Help Desk that allows remote code execution (RCE) without authentication.
1 month ago

SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw
SolarWinds fixes CVE-2025-26399, a 9.8 CVSS patch bypass of CVE-2024-28988, preventing remote code execution.
1 month ago
References
CVSS V3.1
Timeline
- 📈
Vulnerability started trending
- 👾
Exploit known to exist
- 📰
First article discovered by The Hacker News
Vulnerability published
Vulnerability Reserved