SolarWinds has released an urgent security update, Hotfix 1, to finally resolve a critical Remote Code Execution (RCE) vulnerability in its widely used Web Help Desk (WHD) software.
The flaw, now tracked as CVE-2025-26399, is essentially the third attempt to fix a security issue that first appeared under CVE-2024-28986. Both previous patches were bypassed by attackers, underscoring persistent security concerns.
Critical RCE Flaw Details
The new hotfix targets WHD version 12.8.7, SolarWinds’ current release. The vulnerability, rated 9.8 (Critical) on the CVSS scale, is caused by unsafe deserialization in the AjaxProxy component.
The primary danger is that the flaw can be exploited by an unauthenticated attacker without needing any user interaction. This low barrier allows anyone to execute arbitrary code on the host system, posing a severe risk to the mid-to-large organizations that rely on WHD for IT support management and asset tracking.
The latest advisory confirms that CVE-2025-26399 is a direct patch bypass of an earlier fix (CVE-2024-28988), which itself was a bypass of the original flaw.
Installation Instructions
SolarWinds is stressing the importance of immediate installation. The hotfix modifies several core .jar files in the application's /lib directory.
To apply the patch, administrators must:
- Stop the WHD service.
- Back up and replace the specified files, including whd-core.jar and whd-web.jar.
- Restart the WHD system.
The hotfix is only compatible with WHD version 12.8.7. Administrators should consult the dedicated WHD 12.8.7 Hotfix 1 Administrator Guide for detailed steps relevant to their operating system (macOS, Windows, or Linux).
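The three steps above, written out as an added example rather than SolarWinds' own installer: a POSIX shell script that refuses to proceed unless every hotfix jar is present, stops the service, backs up the named jars, replaces them, verifies the copies byte-for-byte and only then restarts. The install root, the hotfix directory and the service control script (assumed to be an executable accepting start and stop) are assumptions; the jar names are the ones the advisory lists.

```shell
#!/bin/sh
# Added example (not SolarWinds' hotfix installer): applies a jar-level hotfix
# to a Web Help Desk /lib directory in the order the advisory gives:
# stop service, back up and replace jars, restart.
# Assumptions: the caller passes the lib directory, the extracted hotfix
# directory and a service control executable that accepts "start"/"stop".

# Jars the advisory names as replaced by Hotfix 1.
WHD_JARS="whd-core.jar whd-web.jar"

# Refuse to proceed unless every hotfix jar is present: a half-applied
# hotfix leaves the service inconsistent, so check before touching /lib.
hotfix_complete() {
  hotfix_dir=$1
  for jar in $WHD_JARS; do
    [ -f "$hotfix_dir/$jar" ] || { echo "missing $hotfix_dir/$jar" >&2; return 1; }
  done
  return 0
}

# Copy the currently installed jars aside before anything is overwritten.
backup_jars() {
  lib_dir=$1; backup_dir=$2
  mkdir -p "$backup_dir" || return 1
  for jar in $WHD_JARS; do
    cp -p "$lib_dir/$jar" "$backup_dir/$jar" || return 1
  done
  return 0
}

# Overwrite the installed jars with the hotfix copies.
replace_jars() {
  lib_dir=$1; hotfix_dir=$2
  for jar in $WHD_JARS; do
    cp -p "$hotfix_dir/$jar" "$lib_dir/$jar" || return 1
  done
  return 0
}

# Confirm byte-for-byte that /lib now holds the hotfix jars.
verify_jars() {
  lib_dir=$1; hotfix_dir=$2
  for jar in $WHD_JARS; do
    cmp -s "$lib_dir/$jar" "$hotfix_dir/$jar" || { echo "$jar not replaced" >&2; return 1; }
  done
  return 0
}

# Full sequence. $3 is the service control executable (assumed; on Linux
# this would typically be a script under the install root).
apply_hotfix() {
  lib_dir=$1; hotfix_dir=$2; whd_ctl=$3
  backup_dir="$lib_dir.bak.$(date +%Y%m%d%H%M%S)"
  hotfix_complete "$hotfix_dir" || return 1
  "$whd_ctl" stop || return 1
  backup_jars "$lib_dir" "$backup_dir" || return 1
  replace_jars "$lib_dir" "$hotfix_dir" || return 1
  verify_jars "$lib_dir" "$hotfix_dir" || return 1
  "$whd_ctl" start || return 1
  echo "hotfix applied; original jars saved in $backup_dir"
  return 0
}

# Run only when invoked with explicit paths, e.g. (paths are placeholders):
#   sh apply_whd_hotfix.sh /path/to/webhelpdesk/lib /path/to/hotfix/lib /path/to/webhelpdesk/whd
if [ "$#" -eq 3 ]; then
  apply_hotfix "$1" "$2" "$3"
fi
```

The completeness check runs before the service is stopped, so a truncated or partial download never leaves WHD down with a half-replaced /lib; the timestamped backup directory is what you roll back from if the restart fails.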
Security teams using SolarWinds Web Help Desk are strongly urged to prioritize the deployment of Hotfix 1 to mitigate the risk of exploitation.