[CIVN-2025-0233] Remote Code Execution Vulnerability in SolarWinds Web Help Desk

Published On: September 26, 2025

Remote Code Execution Vulnerability in SolarWinds Web Help Desk 
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
SolarWinds Web Help Desk versions 12.8.7 and prior
Overview
A vulnerability has been reported in SolarWinds Web Help Desk which could allow an attacker to execute arbitrary code on the targeted system.
Target Audience:
Enterprises and organizations using SolarWinds Help Desk.
Risk Assessment:
High risk of complete system compromise.
Impact Assessment:
Potential impact on confidentiality, integrity, and availability of the system.
Description
SolarWinds Web Help Desk is IT help desk and asset management software that automates ticketing, streamlines support requests, and tracks hardware and software assets to improve IT operations.
This vulnerability exists in SolarWinds Web Help Desk due to an unauthenticated AjaxProxy deserialization issue.
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the targeted system.
Note: This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
Solution
Apply appropriate fix/patches as mentioned in SolarWinds advisory:
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399
Vendor Information
SolarWinds
https://www.solarwinds.com/trust-center/security-advisories/
References
SolarWinds
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399
https://www.solarwinds.com/web-help-desk
CVE Name
CVE-2025-26399
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003