CVE-2025-26399
Published Sep 23, 2025
Last updated 4 days ago
- Description: SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
- Source: psirt@solarwinds.com
- NVD status: Analyzed
- Products: web_help_desk
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- Exploit added on: Mar 9, 2026
- Exploit action due: Mar 12, 2026
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 4
🔴 CISA KEV OVERDUE: SolarWinds Web Help Desk deserialization (CVE-2025-26399) Due date was TODAY. If you're running SolarWinds Web Help Desk and haven't patched, you're exposed. Command execution via AjaxProxy. Post-SUNBURST, we should know better. Thread on impact and
@DeusLogica
13 Mar 2026
211 Impressions
1 Retweet
1 Like
0 Bookmarks
5 Replies
1 Quote
Urgent: Critical vulnerability CVE-2025-26399 in SolarWinds Web Help Desk allows unauthenticated RCE. Apply patches immediately to secure your systems. https://t.co/UqJxNG1K9U #Vulnerability #Security #CVE #Patch #RCE #Threat #Exploit #Network #Protection #Firewall #Risk #Alert h
@dailytechonx
13 Mar 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ CISA added 3 actively exploited flaws to KEV. Most critical: SolarWinds Web Help Desk CVE-2025-26399 (CVSS 9.8) allowing remote command execution. Other KEV entries hit Omnissa Workspace One UEM and Ivanti Endpoint Manager. Federal agencies ordered to patch. 🔗 Detail
@YourAnonYan
13 Mar 2026
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
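A serious RCE vulnerability, CVE-2025-26399, has been found in SolarWinds Web Help Desk. It is already being exploited in real attacks, and CISA has added it to its Known Exploited Vulnerabilities catalog. Administrators are being urged to apply the patch urgently.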
@yousukezan
12 Mar 2026
1472 Impressions
1 Retweet
9 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Daily Threat Intel | Mar 12, 2026 🔴 Active: Mirai botnets, QakBot C2, CobaltStrike, Sliver C2 ⚠️ Patch NOW: CVE-2025-26399 (SolarWinds RCE - due today!) 🟠 High: LummaStealer, ACRStealer, Vidar, Ivanti EPM bypass #ThreatIntel #CyberSecurity #SOC https://t.co/d6ZU6hy
@404LABSx
12 Mar 2026
109 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
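Most people treat OpenClaw as a "chatbot shell"; that understanding is already out of date. The real dividing line is whether it can automatically turn external risk signals into actions your team will carry out today. A very hard signal today: the CISA KEV catalog has been updated to 2026.03.11, total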
@Sxsyer
12 Mar 2026
164 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog due to active exploitation: 1. CVE-2021-22054 (CVSS 7.5) - SSRF in Omnissa Workspace One UEM. 2. CVE-2025-26399 (CVSS 9. https://t.co/tHJNScYma6
@securityRSS
11 Mar 2026
95 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers exploited CVE-2025-26399 to achieve unauthenticated RCE in SolarWinds Web Help Desk's AjaxProxy component. This deserialization flaw enables privilege escalation and lateral movement across compromised networks. Runtime segmentation helps contain post-compromise
@aviatrixtrc
11 Mar 2026
103 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔎 Trending CVE CVE-2025-26399 affects SolarWinds Web Help Desk. An insecure deserialization in the AjaxProxy endpoint allows remote code execution without authentication. The vulnerability has been added to the CISA KEV catalog. Details: https://t.co/lCwh5JfsXl htt
@VulnDex
11 Mar 2026
121 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA adds 3 x exploited vulns to KEV catalog. Info, incl. fix info, at SecAlerts: CVE-2025-26399: https://t.co/oLzBFWDokL CVE-2026-1603: https://t.co/5Duu3lhHy6 CVE-2021-22054: https://t.co/30hzGgqfQl #ciso #cio #cto #vulnerabilities #cybersecurity #msp #mssp #secalerts #CISA
@SecAlertsCo
11 Mar 2026
111 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA accelerates patch deadlines for critical vulnerabilities in SolarWinds Web Help Desk (CVE-2025-26399) and Ivanti (CVE-2026-1603) amid active exploitation and nation-state targeting. #SolarWinds #Ivanti #USA https://t.co/GTfky7muTF
@TweetThreatNews
11 Mar 2026
187 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
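Most companies treat "vulnerability remediation" as a technical problem; my judgment is the opposite: it is fundamentally a business problem. The most dangerous thing today is not whether there are vulnerabilities, but that you assume "someone is handling it" while nobody can produce evidence. Let me first give a fact you can act on today: CISA's KEV catalog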
@Sxsyer
11 Mar 2026
146 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TRC analysis shows attackers exploiting CVE-2025-26399 in SolarWinds Web Help Desk are achieving full compromise chains—from initial deserialization to lateral movement and ransomware deployment. Runtime segmentation could help contain post-compromise activity across network
@aviatrixtrc
11 Mar 2026
102 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
PATCH NOW! CVE-2025-26399 SolarWinds Web Help Desk This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code on affected systems. To learn more, please visit our website: https://t.co/TPYtvAUaFZ https://t.co/UduRkiboOc
@NetSPI
10 Mar 2026
225 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
TRC analysis shows attackers exploiting CVE-2025-26399 to achieve remote code execution on SolarWinds Web Help Desk, then pivoting laterally across enterprise networks. Runtime segmentation can help limit blast radius once initial compromise occurs. #ZeroDay 🔗 Full breakdown:
@aviatrixtrc
10 Mar 2026
103 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ivanti Endpoint Manager flaw CVE-2025-26399 exploited. Patch immediately within CISA deadline. #CyberSecurity #InfoSec #Security
@nin_tech_x
10 Mar 2026
105 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
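Most enterprises treat "vulnerability remediation" as an IT task; my view is the opposite: it is fundamentally a life-or-death line for the business, not a technical to-do item. Today I am watching a very specific countdown: for CVE-2025-26399 in SolarWinds Web Help Desk in CISA KEV, the official dueDate is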
@Sxsyer
10 Mar 2026
160 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added CVE-2021-22054, CVE-2025-26399, and CVE-2026-1603 to its Known Exploited Vulnerabilities list due to active attacks. Issues affect SolarWinds Web Help Desk, Ivanti, and Workspace One with federal patch deadlines in 2026. #SolarWinds #Ivanti https://t.co/eX4J3pZZVE
@TweetThreatNews
10 Mar 2026
180 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds Ivanti Endpoint Manager, SolarWinds Web Help Desk, VMware Workspace ONE flaws (CVE-2025-26399, CVE-2026-1603, CVE-2021-22054) to KEV list amid active exploitation. Patch now. https://t.co/JBOxjkPaQF
@threatcluster
10 Mar 2026
111 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
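Most people are watching gold and oil prices, but over the next 30 days, what really gets more expensive first may be "security delivery capability". This afternoon I went through the public vulnerability catalogs and noticed a detail: the official remediation deadline for the SolarWinds Web Help Desk vulnerability (CVE-2025-26399) is March 12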
@Sxsyer
10 Mar 2026
141 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔍 Latest CVE breakdown available now! Discover why CVE-2025-26399 SolarWinds exploit is a critical threat driving active exploitation and how organizations can patch quickly to limit dama
@PurpleOps_io
10 Mar 2026
105 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-26399 #SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability https://t.co/DvIian246S
@ScyScan
10 Mar 2026
101 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ CISA added 3 actively exploited flaws to KEV. Most critical: SolarWinds Web Help Desk CVE-2025-26399 (CVSS 9.8) allowing remote command execution. Other KEV entries hit Omnissa Workspace One UEM and Ivanti Endpoint Manager. Federal agencies ordered to patch. 🔗 Detail
@TheHackersNews
10 Mar 2026
8895 Impressions
21 Retweets
78 Likes
12 Bookmarks
0 Replies
3 Quotes
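Three vulnerabilities have been added to the Known Exploited Vulnerabilities catalog of the U.S. Cybersecurity and Infrastructure Security Agency (CISA): Omnissa Workspace ONE CVE-2021-22054, SolarWinds Web Help Desk CVE-2025-26399, and Ivanti Endpoint Manager (EPM) CVE-2026-160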
@__kokumoto
9 Mar 2026
4254 Impressions
1 Retweet
4 Likes
2 Bookmarks
0 Replies
1 Quote
CVE Alert: CVE-2025-26399 - SolarWinds - Web Help Desk - https://t.co/DXHNLSSmUM #OSINT #ThreatIntel #CyberSecurity #cve-2025-26399 #solarwinds #web-help-desk
@RedPacketSec
9 Mar 2026
117 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Omnissa Workspace ONE UEM vulnerability CVE-2021-22054, SolarWinds Web Help Desk vulnerability CVE-2025-26399, & Ivanti Endpoint Manager vulnerability CVE-2026-1603 to our KEV Catalog. Visit https://t.co/myxOwap1Tf for more information. #Cybersecurity #InfoSe
@CISACyber
9 Mar 2026
4890 Impressions
9 Retweets
37 Likes
1 Bookmark
1 Reply
0 Quotes
⚠️ Vulnerability in SolarWinds products ❗ CVE-2025-26399 ➡️ More info: https://t.co/gWjwuUixb6 https://t.co/9Z108rO8XX
@CERTpy
10 Feb 2026
102 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Active exploitation of SolarWinds Web Help Desk (CVE-2025-26399, CVE-2025-40551): actors deployed Zoho ManageEngine RMM and Velociraptor via MSIs staged on Catbox and Supabase; affected versions prior to 12.8.7 HF1. #solarwinds #velociraptor #zoho https://t.co/BlZ01sATAW
@hasamba
10 Feb 2026
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Solarwinds vulns are being actively exploited. Extensive info, incl. fix info, at SecAlerts: CVE-2025-40551 (CVSS 9.8) - https://t.co/naxlLilyde CVE-2025-26399 (CVSS 9.8) - https://t.co/oLzBFWDokL #ciso #cio #cto #vulnerabilities #cybersecurity #msp #mssp #solarwinds
@SecAlertsCo
10 Feb 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-26399 / CVE-2025-40551 / CVE-2025-40536 ⚠️ SolarWinds Web Help Desk – Actively Exploited RCE SolarWinds Web Help Desk (WHD) installations exposed to the internet are being actively exploited via unauthenticated remote code execution. Observed intrusions sho
@modat_magnify
9 Feb 2026
144 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SolarWinds Web Help Desk RCE Exploited to Drop Zoho Assist, Velociraptor, and Cloudflared Tunnels Attackers are actively exploiting SolarWinds Web Help Desk deserialization flaws (notably CVE-2025-40551 / CVE-2025-26399, plus related CVE-2025-40536) to gain unauthenticated
@ThreatSynop
9 Feb 2026
74 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
New activity on our radar: Active Exploitation of SolarWinds Web Help Desk CVE-2025-26399. Worth keeping an eye on as this develops. Full analysis: https://t.co/b6vzaY7kNN #ThreatIntel #InfoSec #OTX #
@TomarPrateek23
9 Feb 2026
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-43300 2 - CVE-2026-20952 3 - CVE-2026-25253 4 - CVE-2025-26399 5 - CVE-2026-21509 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
9 Feb 2026
134 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Active Exploitation of SolarWinds Web Help Desk (CVE-2025-26399) | Huntress https://t.co/5hEcniKB74 #CyberSecurity
@EpicPlain
9 Feb 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
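[Vulnerability exploitation] Active exploitation of SolarWinds Web Help Desk confirmed; attackers manage victims with their own SIEM. Huntress confirmed attacks exploiting the SolarWinds Web Help Desk (WHD) vulnerability CVE-2025-26399 at three customers. 12.8.7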
@nakajimeeee
9 Feb 2026
583 Impressions
1 Retweet
7 Likes
1 Bookmark
0 Replies
0 Quotes
We investigated threat actors actively exploiting SolarWinds Web Help Desk (CVE-2025-26399)...and the tradecraft is unhinged. 🔎 If you run SolarWinds WHD, patch to 2026.1. Now. This write-up is only part of what we uncovered: https://t.co/TPh2EnWmsy More to come. 👀
@HuntressLabs
8 Feb 2026
8977 Impressions
14 Retweets
43 Likes
12 Bookmarks
2 Replies
1 Quote
New blog on a Sunday, sheesh… We caught threat actors actively exploiting SolarWinds Web Help Desk (CVE-2025-26399) The tradecraft is wild - Velociraptor as C2, Zoho Assist, Cloudflare tunnels, QEMU SSH backdoors, and the attacker built their own Elastic Cloud instance to
@RussianPanda9xx
8 Feb 2026
26867 Impressions
61 Retweets
260 Likes
94 Bookmarks
7 Replies
5 Quotes
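The Microsoft Defender research team discovered real-world attacks exploiting vulnerabilities in SolarWinds Web Help Desk (WHD). Currently, through further investigation, the actual exploited vulnerability (CVE-2025-40551 (deserialization of untrusted data), CVE-2025-40536 (security control bypass),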
@ngnicky
7 Feb 2026
124 Impressions
0 Retweets
0 Likes
2 Bookmarks
0 Replies
0 Quotes
Analysis of active exploitation of SolarWinds Web Help Desk - https://t.co/InJP6reBJn #threatintel #solarwinds-web-help-desk #cve-2025-40551 #cve-2025-40536 #cve-2025-26399 #rce-exploitation
@RedPacketSec
7 Feb 2026
96 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Cytellite recent detection targeting CVE-2025-26399 — ZEN-ECN Visit -- https://t.co/tNIgT9lXcb #Loginsoft #Cytellite #Cybersecurity #CVE202526399 #LOVI #ThreatIntelligence #Infosecurity #AI https://t.co/VJsGtUHdiF
@Loginsoft_Intel
6 Jan 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#VulnerabilityReport #CVE202526399 CVE-2025-26399 (CVSS 9.8): SolarWinds Web Help Desk Hit by Critical RCE Vulnerability https://t.co/Ns269NV4bo
@Komodosec
30 Oct 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26399
@transilienceai
12 Oct 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
"SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw" #infosec #pentest #redteam #blueteam https://t.co/swNfVamvJf
@CyberWarship
3 Oct 2025
1286 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes
SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw SolarWinds has released hot fixe Don't miss out on our tweets. Follow today! @thehackersnews @edge
@Edgeitech
1 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SolarWinds releases urgent patch (CVE-2025-26399) Critical RCE (CVSS 9.8) in Web Help Desk. 🔁 Third attempt to mitigate the flaw. 📌 Update to 12.8.7 HF1 now! #Ciberseguridad #SolarWinds #Infosec https://t.co/H8z4mEu53i
@trustlock_sec
1 Oct 2025
37 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
CRITICAL: SolarWinds CVE-2025-26399 exposes Orion Platform to authentication bypass attacks (versions 2024.2 and earlier affected). CORTEX Analysis: Echoes of 2020 SUNBURST—Orion must be treated as Tier-0 asset. Emergency patching + strict segmentation required. #SolarWinds h
@the_c_protocol
30 Sept 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A vulnerability (CVE-2025-26399) has been discovered in "SolarWinds Web Help Desk". #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/66eUXzzZ0Q
@CERTAzerbaijan
29 Sept 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds issues an urgent update to close the remote command execution vulnerability CVE-2025-26399. Details.. https://t.co/vkIpi7dzFB #مركز_الأمن_السيبراني_للابحاث_والدراسات https://t.co/RAD315t4p8
@ccforrs
29 Sept 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CRITICAL SOLARWINDS ALERT! An Unauthenticated RCE Flaw (CVE-2025-26399) in Web Help Desk allows total remote system takeover. No credentials needed for attackers. Full report on - https://t.co/ZKE2PEFVCM https://t.co/wP571ilYsO
@cyberbivash
28 Sept 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds issued a hotfix for CVE-2025-26399, a critical unauth RCE in Web Help Desk (AjaxProxy deserialization). It’s a patch bypass of CVE-2024-28988 → itself a bypass of CVE-2024-28986 (added to CISA KEV). Update now to Web Help Desk 12.8.7 HF1.
@cyber_sec_raj
27 Sept 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "46BAB832-25B8-4ED6-B209-759F4B470CCE",
            "versionEndIncluding": "12.8.6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.7:-:*:*:*:*:*:*",
            "matchCriteriaId": "B88A115F-EDE4-447D-A35B-902A4074824A",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]