SolarWinds has released a hotfix for a critical remote code execution vulnerability in Web Help Desk, its third attempt to patch the issue. The vulnerability, CVE-2025-26399, is the latest in a series of Java deserialization flaws affecting the product.
Key points
- SolarWinds issued a hotfix for the CVE-2025-26399 Java deserialization RCE flaw in Web Help Desk.
- This vulnerability is a patch bypass of a previous flaw, CVE-2024-28988, which was also exploited in the wild.
- Multiple critical patches were released within a short period to address sequential vulnerabilities.
- The CVE-2025-26399 flaw was discovered by Trend Micro ZDI and involves unauthenticated remote command execution.
- Users are urged to apply the hotfix promptly due to the high severity and previous exploitation of related vulnerabilities.
Read More: https://www.securityweek.com/solarwinds-makes-third-attempt-at-patching-exploited-vulnerability/