SolarWinds Web Help Desk Vulnerability Enables Unauthenticated RCE
SolarWinds has released an urgent security advisory for a critical vulnerability in its Web Help Desk software that could allow an unauthenticated attacker to achieve remote code execution (RCE).

The flaw, tracked as CVE-2025-26399, carries a critical severity rating of 9.8 out of 10, highlighting the severe risk it poses to affected systems. The vulnerability stems from the deserialization of untrusted data within the AjaxProxy component of the software.

According to the advisory, the vulnerability allows a remote attacker to execute arbitrary commands on the host machine without needing any credentials.

This issue is particularly concerning as it is a patch bypass for two previously addressed vulnerabilities, CVE-2024-28988 and CVE-2024-28986.

This recurrence suggests a persistent weakness in the software’s handling of serialized data, allowing security researchers to find new ways to exploit the same underlying problem.

SolarWinds has credited an anonymous researcher working with Trend Micro’s Zero Day Initiative for discovering and responsibly disclosing this latest iteration of the flaw.
Mitigations

In response to the discovery, SolarWinds has issued Web Help Desk 12.8.7 Hotfix 1. The company strongly urges all customers who have downloaded and installed version 12.8.7 to apply this hotfix immediately to mitigate the risk of exploitation.

The patch addresses the vulnerability by modifying several core files, including whd-core.jar, whd-web.jar, and whd-persistence.jar, and adding the HikariCP.jar file.

Administrators are instructed to stop the Web Help Desk service, back up and replace the specified files, and then restart the service to complete the installation.
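The back-up, replace and verify steps above, as an added example script (not SolarWinds' hotfix installer). It assumes the Web Help Desk library directory and the extracted hotfix directory are passed as arguments; the service name and paths in the usage comment are placeholders.

```shell
#!/usr/bin/env bash
# Added example: back up the jars the 12.8.7 Hotfix 1 replaces, copy the
# hotfix jars into place, and check that the install actually changed them.
set -eu

HOTFIX_JARS="whd-core.jar whd-web.jar whd-persistence.jar"  # replaced by the hotfix
ADDED_JARS="HikariCP.jar"                                    # newly added by the hotfix

# back_up_jars LIBDIR BACKUPDIR: keep a restorable copy of every jar to be replaced.
back_up_jars() {
  local libdir=$1 backupdir=$2 jar
  mkdir -p "$backupdir"
  for jar in $HOTFIX_JARS; do
    [ -f "$libdir/$jar" ] || { echo "missing $libdir/$jar" >&2; return 1; }
    cp -p "$libdir/$jar" "$backupdir/$jar"
  done
}

# apply_hotfix LIBDIR HOTFIXDIR: copy the replacement and added jars into place.
apply_hotfix() {
  local libdir=$1 hotfixdir=$2 jar
  for jar in $HOTFIX_JARS $ADDED_JARS; do
    [ -f "$hotfixdir/$jar" ] || { echo "hotfix is missing $jar" >&2; return 1; }
    cp -p "$hotfixdir/$jar" "$libdir/$jar"
  done
}

# verify_hotfix LIBDIR BACKUPDIR: succeed only if each replaced jar now differs
# from its backup and the added jar exists; report anything still unpatched.
verify_hotfix() {
  local libdir=$1 backupdir=$2 jar rc=0
  for jar in $HOTFIX_JARS; do
    if cmp -s "$libdir/$jar" "$backupdir/$jar"; then
      echo "NOT PATCHED: $jar is unchanged"; rc=1
    fi
  done
  for jar in $ADDED_JARS; do
    [ -f "$libdir/$jar" ] || { echo "NOT PATCHED: $jar missing"; rc=1; }
  done
  return $rc
}

# Typical run (placeholder service name and paths; stop the service first):
#   systemctl stop <whd-service>
#   back_up_jars /path/to/whd/lib /path/to/whd-backup-$(date +%F)
#   apply_hotfix /path/to/whd/lib /path/to/extracted-hotfix
#   verify_hotfix /path/to/whd/lib /path/to/whd-backup-$(date +%F)
#   systemctl start <whd-service>
```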

Failure to apply the hotfix leaves systems exposed to potential takeover by remote attackers.

About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.