SolarWinds has released patches for a critical security flaw in its Web Help Desk software that could allow remote code execution without authentication. The vulnerability, CVE-2025-26399, involves deserialization issues in the AjaxProxy component and is a patch bypass for previous exploits.
Key points
- The vulnerability affects SolarWinds Web Help Desk 12.8.7 and earlier versions.
- It involves deserialization of untrusted data leading to remote code execution.
- The flaw was discovered by an anonymous researcher working with Trend Micro Zero Day Initiative.
- SolarWinds advises users to update to version 12.8.7 HF1 for protection against exploitation.
- The vulnerability is linked to historical exploitable bugs that have impacted critical infrastructure and organizations.
Read More: https://thehackernews.com/2025/09/solarwinds-releases-hotfix-for-critical.html