SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2025-26399)

Published On: Sep 29, 2025 15:02

Advisory No: TZCERT-SA-25-0109

Source: SolarWinds

Software Affected: SolarWinds Web Help Desk 12.8.7 and all previous versions

Overview

SolarWinds Web Help Desk is affected by a critical vulnerability. An attacker can exploit the vulnerability to execute code remotely on the affected device.

Description

SolarWinds Web Help Desk is affected by a critical vulnerability tracked as CVE-2025-26399, with a CVSS base score of 9.8. The flaw results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Web Help Desk.

Impact

Successful exploitation of this vulnerability may allow the attacker to take control of the affected system.

Solution

SolarWinds has released a security patch for this vulnerability. Users and administrators are encouraged to apply the necessary updates.
