SolarWinds released a security advisory to address a critical severity vulnerability impacting its Web Help Desk software. Tracked as CVE-2025-26399, the vulnerability has a CVSS score of 9.8. Successful exploitation of this vulnerability may allow an unauthenticated attacker to execute arbitrary code on the target system.
Security researchers working with Trend Micro’s Zero Day Initiative discovered and reported the vulnerability to SolarWinds.
SolarWinds Web Help Desk (WHD) is a web-based IT help desk and asset management solution that combines IT ticketing with change management software. WHD helps IT departments gain visibility and control over their IT inventory, manage the lifecycle of assets, and optimize procurement and budgeting forecasting.
Vulnerability Details
The vulnerability is an unauthenticated AjaxProxy deserialization flaw that may allow an attacker to run commands on the host system. According to the advisory, it is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
Affected Versions
The vulnerability affects SolarWinds Web Help Desk 12.8.7 and all previous versions.
Mitigation
Users must upgrade to SolarWinds Web Help Desk 12.8.7 HF1 to patch the vulnerability.
For more information, please refer to the SolarWinds Security Advisory.
About the hotfix
The hotfix modifies several core files, including whd-core.jar, whd-web.jar, and whd-persistence.jar, and adds the HikariCP.jar file to patch the vulnerability.
Installation of a hotfix
The vendor suggests that administrators stop the Web Help Desk service, back up and replace the specified files, and then restart the service to complete the installation.
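The back-up-and-replace step with a hash check afterward, as an added example that is not SolarWinds' or this post's own code. It assumes all four jars sit in one directory passed as `lib_dir` (take the real locations from the vendor's release notes) and that the Web Help Desk service has already been stopped; the function names are hypothetical.

```python
import hashlib
import shutil
from pathlib import Path

# File names come from the advisory text above.
REPLACED = ("whd-core.jar", "whd-web.jar", "whd-persistence.jar")
ADDED = ("HikariCP.jar",)


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def verify_hotfix(lib_dir: Path, hotfix_dir: Path) -> dict:
    """Return {jar: 'ok' | 'missing' | 'mismatch'} against the hotfix bundle."""
    status = {}
    for name in REPLACED + ADDED:
        deployed = lib_dir / name
        if not deployed.is_file():
            status[name] = "missing"
        elif sha256(deployed) != sha256(hotfix_dir / name):
            status[name] = "mismatch"
        else:
            status[name] = "ok"
    return status


def apply_hotfix(lib_dir: Path, hotfix_dir: Path, backup_dir: Path) -> dict:
    """Back up the jars being replaced, copy in the hotfix jars, verify the result.

    Assumption: a single lib_dir holds every jar. Run only with the service stopped.
    """
    missing = [n for n in REPLACED + ADDED if not (hotfix_dir / n).is_file()]
    if missing:
        raise FileNotFoundError(f"hotfix bundle incomplete: {missing}")
    backup_dir.mkdir(parents=True, exist_ok=False)  # refuse to overwrite an earlier backup
    for name in REPLACED:
        if (lib_dir / name).is_file():
            shutil.copy2(lib_dir / name, backup_dir / name)
    for name in REPLACED + ADDED:
        shutil.copy2(hotfix_dir / name, lib_dir / name)
    return verify_hotfix(lib_dir, hotfix_dir)
```

Running `verify_hotfix` on its own before the change window shows which hosts still carry the old jars; any result other than `ok` after `apply_hotfix` means the service should not be restarted yet.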
Qualys Detection
Qualys customers can scan their devices with QID 733223 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399
https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm