SolarWinds has issued a hotfix for a critical remote code execution vulnerability in Web Help Desk, affecting the latest version 12.8.7. This flaw allows unauthenticated attackers to execute commands remotely, prompting urgent security updates for affected organizations.
Key points
- SolarWinds' vulnerability CVE-2025-26399 affects Web Help Desk version 12.8.7.
- The security flaw involves unsafe deserialization in the AjaxProxy component.
- Successful exploitation enables remote command execution without authentication.
- The hotfix requires updating to version 12.8.7 and replacing specific JAR files.
- The vulnerability is described as a patch bypass of previous flaws, and no active exploitation has been reported yet.