{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-26399","assignerOrgId":"49f11609-934d-4621-84e6-e02e032104d6","state":"PUBLISHED","assignerShortName":"SolarWinds","dateReserved":"2025-02-08T00:19:09.395Z","datePublished":"2025-09-23T05:07:14.702Z","dateUpdated":"2026-03-10T03:55:22.393Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Web Help Desk","vendor":"SolarWinds","versions":[{"status":"affected","version":"12.8.7 and below"}]}],"credits":[{"lang":"en","type":"reporter","user":"00000000-0000-4000-9000-000000000000","value":"Anonymous working with Trend Micro Zero Day Initiative"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986."}],"value":"SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986."}],"impacts":[{"capecId":"CAPEC-248","descriptions":[{"lang":"en","value":"CAPEC-248: Untrusted Execution Flow"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-502","description":"CWE-502: Deserialization of Untrusted Data","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"49f11609-934d-4621-84e6-e02e032104d6","shortName":"SolarWinds","dateUpdated":"2025-09-23T05:07:14.702Z"},"references":[{"url":"https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26399"},{"url":"https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"SolarWinds recommends customers to upgrade to Web Help Desk version 12.8.7 HF1 as soon as is practical."}],"value":"SolarWinds recommends customers to upgrade to Web Help Desk version 12.8.7 HF1 as soon as is practical."}],"source":{"discovery":"EXTERNAL"},"title":"SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"references":[{"url":"https://www.microsoft.com/en-us/security/blog/2026/02/06/active-exploitation-solarwinds-web-help-desk/","tags":["third-party-advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-26399","tags":["government-resource"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-23T00:00:00+00:00","options":[{"Exploitation":"active"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2025-26399"}}},{"other":{"type":"kev","content":{"dateAdded":"2026-03-09","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-26399"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-10T03:55:22.393Z"},"timeline":[{"time":"2026-03-09T00:00:00.000Z","lang":"en","value":"CVE-2025-26399 added to CISA KEV"}]}]}}