Remote Code Execution Vulnerability in SolarWinds Web Help Desk
CVE-2025-26399
9.8 CRITICAL
What is CVE-2025-26399?
SolarWinds Web Help Desk contains an AjaxProxy deserialization flaw that lets an unauthenticated attacker execute arbitrary commands on the host machine. The issue is a patch bypass for previously identified vulnerabilities, including CVE-2024-28988 and CVE-2024-28986, indicating that the earlier fixes did not fully address the underlying flaw.
Affected Version(s)
Web Help Desk 12.8.7 and below
References
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Anonymous working with Trend Micro Zero Day Initiative