Remote Code Execution Vulnerability in SolarWinds Web Help Desk
CVE-2025-26399

9.8 CRITICAL

Key Information:

Vendor: SolarWinds
CVE Published: 23 September 2025

Badges

📈 Trended | 📈 Score: 1,950 | 👾 Exploit Exists | 📰 News Worthy

What is CVE-2025-26399?

CVE-2025-26399 is a serious remote code execution vulnerability in SolarWinds Web Help Desk, a software solution designed to streamline IT service management and support ticket handling. It stems from an unauthenticated deserialization issue in the AjaxProxy component that lets attackers execute arbitrary commands on the system hosting the Web Help Desk application. For organizations relying on SolarWinds for IT management, this is a significant security risk, as it undermines the integrity and confidentiality of their IT operations. The flaw is classified as a patch bypass of earlier vulnerabilities (CVE-2024-28988 and CVE-2024-28986), indicating a troubling pattern of the same weakness persisting across fixes.

Potential impact of CVE-2025-26399

  1. Unauthorized Access to System Controls: Attackers exploiting this vulnerability could gain unauthorized control over the host machine, enabling them to execute commands that may compromise sensitive data and system functionality, leading to severe operational disruptions.

  2. Potential for Data Breaches: With remote code execution capabilities, threat actors could exfiltrate sensitive information or deploy malware, placing organizational data at significant risk. This could lead to financial implications, reputation damage, and the need for rigorous incident response measures.

  3. Expansion of Attack Surface: Given that SolarWinds Web Help Desk is utilized in various IT environments, successful exploitation could serve as a launching point for further attacks within an organization’s network, amplifying the risk of a cyber incident that could affect multiple systems and data repositories.

Affected Version(s)

Web Help Desk 12.8.7 and below

News Articles

SolarWinds releases third patch to fix Web Help Desk RCE bug

SolarWinds has released a hotfix for a critical vulnerability in Web Help Desk that allows remote code execution (RCE) without authentication.

1 month ago

SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw

SolarWinds fixes CVE-2025-26399, a 9.8 CVSS patch bypass of CVE-2024-28988, preventing remote code execution.

1 month ago

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📈 Vulnerability started trending
  • 👾 Exploit known to exist
  • 📰 First article discovered by The Hacker News
  • Vulnerability published
  • Vulnerability Reserved

Credit

Anonymous working with Trend Micro Zero Day Initiative