SolarWinds has released urgent hot fixes to address a critical security flaw in its Web Help Desk software. If successfully exploited, the vulnerability could allow attackers to remotely execute commands on affected systems.
The flaw is tracked as CVE-2025-26399 and carries a CVSS score of 9.8, which puts it in the critical band. It is an instance of "deserialization of untrusted data" (CWE-502), a bug class in which an application reconstructs objects from attacker-supplied bytes and can be steered into executing code. The vulnerability affects SolarWinds Web Help Desk 12.8.7 and all prior versions.
A Patch for a Patch
According to a SolarWinds advisory, the vulnerability is an "unauthenticated AjaxProxy deserialization" issue. It's a patch bypass for a previous flaw, CVE-2024-28988, which was itself a bypass for CVE-2024-28986. The original bug was addressed in August 2024.
An advisory from the Trend Micro Zero Day Initiative (ZDI) confirmed that the flaw allows unauthenticated attackers to execute arbitrary code in the context of SYSTEM, the highest privilege level on the Windows host. While there is no public evidence of this specific bug being exploited in the wild, the original vulnerability, CVE-2024-28986, was added to CISA's Known Exploited Vulnerabilities catalog, which CISA reserves for flaws with evidence of active exploitation. The same endpoint has therefore already been weaponized once.
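The bug class the advisories describe, as an added example that is not SolarWinds, ZDI or Web Help Desk code: a Java endpoint that hands a request body straight to ObjectInputStream (the CWE-502 pattern), beside the same read guarded by the JDK's ObjectInputFilter allow-list (available since Java 9). The class names, the filter pattern and the HashMap used as a stand-in for a gadget-chain payload are assumptions for illustration; the real AjaxProxy code and whatever gadget chain the real exploit uses are not shown here.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;

/**
 * Added example (not SolarWinds code): unfiltered vs. allow-listed Java
 * deserialization. Every class name here is hypothetical.
 */
public class DeserializationDemo {

    /** The only type the hypothetical endpoint legitimately expects. */
    public static final class SafeRequest implements Serializable {
        private static final long serialVersionUID = 1L;
        public final String action;
        public SafeRequest(String action) { this.action = action; }
    }

    /** Vulnerable: readObject() instantiates whatever class the bytes name. */
    public static Object readUnfiltered(byte[] untrusted)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            return in.readObject();
        }
    }

    /**
     * Hardened: an allow-list filter is consulted for every class the stream
     * names, before the class is resolved or any readObject() hook runs.
     * "!*" at the end rejects everything not explicitly listed.
     */
    public static Object readFiltered(byte[] untrusted)
            throws IOException, ClassNotFoundException {
        ObjectInputFilter allowList = ObjectInputFilter.Config.createFilter(
            "DeserializationDemo$SafeRequest;java.lang.String;!*");
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            in.setObjectInputFilter(allowList);
            return in.readObject();
        }
    }

    /** Helper that plays the role of the client producing the request body. */
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] good = serialize(new SafeRequest("ping"));
        // Constructed stand-in for a malicious payload: any class the endpoint
        // never asked for. A real gadget chain names a class whose readObject()
        // does something dangerous; the filter rejects it on the same basis,
        // by class name, before that code can run.
        byte[] bad = serialize(new HashMap<String, String>());

        System.out.println("unfiltered, expected type: "
            + readUnfiltered(good).getClass().getName());
        System.out.println("unfiltered, unexpected type accepted: "
            + readUnfiltered(bad).getClass().getName());
        System.out.println("filtered, expected type: "
            + readFiltered(good).getClass().getName());
        try {
            readFiltered(bad);
            System.out.println("filtered, unexpected type accepted (should not happen)");
        } catch (InvalidClassException e) {
            System.out.println("filtered, unexpected type rejected: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac DeserializationDemo.java && java DeserializationDemo`. The filter is a class-level control and does not depend on knowing which gadget chain an attacker will pick, which is why it holds up better than patching individual chains; it does not, however, change the fact that an endpoint reachable without authentication should not be accepting serialized Java objects at all.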
Given that the two previous fixes for this endpoint were each bypassed, experts believe it is only a matter of time before the latest patch bypass is exploited. Users are strongly advised to update to SolarWinds Web Help Desk 12.8.7 HF1. Because the vulnerable range includes 12.8.7 itself, an installation that reports "12.8.7" without the HF1 hot fix is still exposed, so the check should be for the hot fix level, not just the release number.