CVE-2025-26399

SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability

CVSS 9.8 CRITICAL | EPSS 88.3% | KEV | CWE-502
In short

SolarWinds Web Help Desk allows attackers to run commands on the server without authentication by exploiting unsafe deserialization of untrusted data in the AjaxProxy component. The flaw is critical because no credentials are needed and a successful exploit gives the attacker full control of the host.

Technical detail

An unauthenticated attacker can exploit unsafe deserialization (CWE-502) in the AjaxProxy endpoint to achieve remote code execution with system privileges. The flaw is classified as a privilege escalation and is a bypass of the fixes for two earlier vulnerabilities (CVE-2024-28988, which was itself a bypass of CVE-2024-28986); it requires neither authentication nor user interaction.

Summary generated and translated by AI from the official description.

Official description

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H