CVE-2025-26399
Published Sep 23, 2025
Last updated 21 days ago
AI description
CVE-2025-26399 is a remote code execution vulnerability that affects SolarWinds Web Help Desk (WHD). The vulnerability stems from unsafe deserialization handling in the AjaxProxy component. Successful exploitation allows an unauthenticated attacker to run arbitrary commands on the host machine. The vulnerability is a patch bypass of CVE-2024-28988, which was itself a bypass of CVE-2024-28986. SolarWinds has released a hotfix to address the vulnerability.
- Description
- SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
- Source
- psirt@solarwinds.com
- NVD status
- Analyzed
- Products
- web_help_desk
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@solarwinds.com
- CWE-502
- Hype score
- Not currently trending
#VulnerabilityReport #CVE202526399 CVE-2025-26399 (CVSS 9.8): SolarWinds Web Help Desk Hit by Critical RCE Vulnerability https://t.co/Ns269NV4bo
@Komodosec
30 Oct 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26399
@transilienceai
12 Oct 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
''SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw'' #infosec #pentest #redteam #blueteam https://t.co/swNfVamvJf
@CyberWarship
3 Oct 2025
1286 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes
SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw SolarWinds has released hot fixe 𝗗𝗼𝗻'𝘁 𝗺𝗶𝘀𝘀 𝗼𝘂𝘁 𝗼𝗻 𝗼𝘂𝗿 𝘁𝘄𝗲𝗲𝘁𝘀. 𝗙𝗼𝗹𝗹𝗼𝘄 𝘁𝗼𝗱𝗮𝘆! @thehackersnews @edge
@Edgeitech
1 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SolarWinds lanza parche urgente (CVE-2025-26399) RCE crítica (CVSS 9.8) en Web Help Desk. 🔁 Tercer intento de mitigar el fallo. 📌 ¡Actualiza a 12.8.7 HF1 ya! #Ciberseguridad #SolarWinds #Infosec https://t.co/H8z4mEu53i
@trustlock_sec
1 Oct 2025
37 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
CRITICAL: SolarWinds CVE-2025-26399 exposes Orion Platform to authentication bypass attacks (versions 2024.2 and earlier affected). CORTEX Analysis: Echoes of 2020 SUNBURST—Orion must be treated as Tier-0 asset. Emergency patching + strict segmentation required. #SolarWinds h
@the_c_protocol
30 Sept 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
“SolarWinds Web Help Desk”də boşluq (CVE-2025-26399) aşkar olunub. #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/66eUXzzZ0Q
@CERTAzerbaijan
29 Sept 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
شركة SolarWinds تصدر تحديثًا عاجلًا لسد ثـ ـغرة تنفيذ الأوامر عن بُعد CVE-2025-26399 التفاصيل.. https://t.co/vkIpi7dzFB #مركز_الأمن_السيبراني_للابحاث_والدراسات https://t.co/RAD315t4p8
@ccforrs
29 Sept 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CRITICAL SOLARWINDS ALERT! An Unauthenticated RCE Flaw (CVE-2025-26399) in Web Help Desk allows total remote system takeover. No credentials needed for attackers. Full report on - https://t.co/ZKE2PEFVCM https://t.co/wP571ilYsO
@Iambivash007
28 Sept 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds issued a hotfix for CVE-2025-26399, a critical unauth RCE in Web Help Desk (AjaxProxy deserialization). It’s a patch bypass of CVE-2024-28988 → itself a bypass of CVE-2024-28986 (added to CISA KEV). Update now to Web Help Desk 12.8.7 HF1.
@cyber_sec_raj
27 Sept 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilidad en productos SolarWinds ❗CVE-2025-26399 ➡️Más info: https://t.co/IRoiJMTEmP https://t.co/4SbL7hxtRc
@CERTpy
26 Sept 2025
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds releases third hotfix for Web Help Desk 12.8.7 to fix critical RCE vulnerability CVE-2025-26399 caused by unsafe deserialization, allowing unauthenticated exploits without user interaction. #RemoteCode #SolarWinds #USA https://t.co/XoLHTQQAcF
@TweetThreatNews
25 Sept 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds issued a new patch for Java deserialization flaw CVE-2025-26399 in Web Help Desk, bypassing previous patches. The vulnerability in AjaxProxy allows remote code execution. Trend Micro discovered the patch bypass. Experts caution against blacklist approaches, predicting
@bigmacd16684
25 Sept 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢SolarWinds ออก Hotfix แก้ไขช่องโหว่ CVE-2025-26399 ใน Web Help Desk #NCSA #CybersecurityNew สามารถติดตามข่าวสารได้ที่ https://t.co/HCsLrrYz4c https://t.co/pOefWEKQTH
@ThaiCERTByNCSA
25 Sept 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds、Webヘルプデスクの重大なRCE脆弱性(CVE-2025-26399)を修正 SolarWinds fixes critical Web Help Desk RCE vulnerability (CVE-2025-26399) #HelpNetSecurity (Sep 24) https://t.co/5T6vFVZCIX
@foxbook
24 Sept 2025
18 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
#SolarWinds Releases Hotfix for Critical CVE-2025-26399 #Remote_Code_Execution #Flaw #Vulnerabilities https://t.co/IwU6OXQEqI https://t.co/meQef2oGgI
@omvapt
24 Sept 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
به تازگی برای محصول SolarWinds Web Help Desk یا همان WHD آسیب پذیری با کد شناسایی CVE-2025-26399 و از نوع privilege escalation منتشر شده است که به هکرها امکان اجرای کد بر روی سیستم های آ
@AmirHossein_sec
24 Sept 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#SolarWinds fixes critical Web Help Desk RCE #vulnerability (#CVE-2025-26399) https://t.co/GRNVF0GEB3
@ScyScan
24 Sept 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 حفره بحرانی CVE-2025-26399 در SolarWinds Web Help Desk با امتیاز 9.8 اجازه اجرای کد از راه دور را میدهد. همین حالا پچ کنید! ⚠️ #Cybersecurity #Cybersecurity_News #اخبار_امنیت_سایبری #CVE_202
@vulnerbyte
24 Sept 2025
21 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-26399 (CVSS 9.8): SolarWinds Web Help Desk Hit by Critical RCE Vulnerability https://t.co/d6T0W8CLan
@akaclandestine
24 Sept 2025
1153 Impressions
2 Retweets
7 Likes
4 Bookmarks
0 Replies
0 Quotes
SolarWinds Patches Critical CVE-2025-26399 Remote Code Execution Flaw #SolarWinds #CVE202526399 #CyberSecurity #RemoteCodeExecution #Vulnerability #InfoSec #PatchUpdate #WebHelpDesk #DataSecurity #CVE https://t.co/OOpht1XyVe
@cyashadotcom
24 Sept 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds Web Help Deskの重大なCVE-2025-26399脆弱性と対策 https://t.co/WGrzLlDkAy #Security #セキュリティー #ニュース
@SecureShield_
24 Sept 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
شرکت (SolarWinds) برای رفع آسیبپذیری امنیتی بحرانی در نرمافزار Web Help Desk خود که امکان اجرای دستورات دلخواه توسط مهاجمان را فراهم میکند، بهروزرسانیهای اض
@Teeegra
24 Sept 2025
1031 Impressions
0 Retweets
13 Likes
1 Bookmark
1 Reply
0 Quotes
SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw #lost32x #Cybersecurity #cve2025 https://t.co/WVgmNCwvtp
@lost32x_
23 Sept 2025
79 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-26399 https://t.co/iCA4a65ZXL
@_subTee
23 Sept 2025
14 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Security Bulletin: SolarWinds Web Help Desk RCE – CVE-2025-26399 (CVSS 9.8) allows unauthenticated deserialization → SYSTEM-level code execution via AjaxProxy. Patch to 12.8.7 HF1 now. #ThreatIntel #RedLeggCTI #SolarWinds https://t.co/zlsQ8BrOAN
@RedLegg
23 Sept 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cyble reveals 22 actively exploited vulnerabilities, including 9 absent from CISA's KEV catalog. Ransomware targets 10 flaws; new SolarWinds CVE-2025-26399 bypasses prior patches. #CVE2025-26399 #MedusaLocker #USA https://t.co/D47HEDmMCT
@TweetThreatNews
23 Sept 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds issues a third hotfix for CVE-2025-26399, a critical Java deserialization RCE in Web Help Desk that bypasses prior CVE-2024-28988 patch. Discovered by Trend Micro ZDI. #SolarWindsPatch #JavaFlaw #USA https://t.co/J8kOuo51B5
@TweetThreatNews
23 Sept 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A new critical vulnerability (CVE-2025-26399) in SolarWinds Web Help Desk has surfaced, rated a shocking 9.8 on the CVSS scale! Unauthenticated remote code execution is here. Are you prepared? #Cybersecurity #RiskManagement https://t.co/UFUUQdJXiL
@Cyb3r_5wift
23 Sept 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Urgent: SolarWinds has released a hotfix for the critical CVE-2025-26399 Remote Code Execution flaw. Update your systems ASAP! #SolarWinds #PatchNow https://t.co/Tg3ekjxiJn
@xcybersecnews
23 Sept 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds Releases Hotfix for Critical #CVE-2025-26399 Remote Code Execution #flaw https://t.co/rR0MITP5Ds
@AdliceSoftware
23 Sept 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw https://t.co/DsE4TIGzu8 https://t.co/CiCd2KlDYu
@talentxfactor
23 Sept 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds releases third patch for critical RCE flaw CVE-2025-26399 in Web Help Desk 12.8.7, fixing unsafe deserialization in AjaxProxy. Update requires JAR file replacement. #SolarWindsPatch #RemoteCodeExecution #USA https://t.co/Hk93mbCY7A
@TweetThreatNews
23 Sept 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#SolarWinds Releases Hotfix for Critical #CVE-2025-26399 Remote #Code Execution Flaw https://t.co/vZ5dwfqq9O
@ScyScan
23 Sept 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical hotfix from SolarWinds for CVE-2025-26399 (CVSS 9.8) impacting Web Help Desk! This RCE vulnerability needs immediate patching. https://t.co/VocruH4tCh #SolarWinds #CVE #RCE #CyberSecurity
@0xT3chn0m4nc3r
23 Sept 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-26399 (CVSS 9.8): SolarWinds Web Help Desk Hit by Critical RCE Vulnerability 🎯19.2k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link: https://t.co/rsrJjI2Npa FOFA Query:app="SolarWinds-Web-Help-Desk" 🔖Refer: https://t.co/2HQ
@fofabot
23 Sept 2025
1353 Impressions
8 Retweets
18 Likes
3 Bookmarks
0 Replies
0 Quotes
🚨 Fallo crítico en SolarWinds Web Help Desk (CVE-2025-26399, CVSS 9.8) 🚨 Una vulnerabilidad que permite la ejecución remota de código sin necesidad de autenticación. ⚠️ Tercer intento de parche tras dos fallos previos. 🛡️ Actualiza ya a la versión 12.8.7 HF1
@CsirtCnt
23 Sept 2025
28 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Hacker News - SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw https://t.co/UqSiYQmmap
@buzz_sec
23 Sept 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw https://t.co/1Wpuy67yUW https://t.co/GZT2wia3Ld
@RigneySec
23 Sept 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical flaw in SolarWinds Web Help Desk (CVE-2025-26399, CVSS 9.8) lets attackers run code without logging in. This is the third patch attempt—after two previous “fixes” were bypassed. Admins: update to 12.8.7 HF1 now. Full story → https://t.co/MNXcYnWaui
@TheHackersNews
23 Sept 2025
11156 Impressions
45 Retweets
91 Likes
13 Bookmarks
1 Reply
2 Quotes
🚨 SolarWinds, the gift that keeps on giving: a new Web Help Desk patch bypass, CVE-2025-26399, enables unauthenticated RCE via deserialization. It’s a patch bypass of CVE-2024-28988/CVE-2024-28986 - previously exploited. Given SolarWinds’ past, in-the-wild exploitation i
@watchtowrcyber
23 Sept 2025
10148 Impressions
32 Retweets
79 Likes
26 Bookmarks
1 Reply
0 Quotes
🟥 CVE-2025-26399, CVSS: 9.8 (#Critical) SolarWinds Web Help Desk An unauthenticated AjaxProxy deserialization remote code execution vulnerability. Exploitation allows attackers to execute commands on the host machine. Mitigation requires updating to Web Help Desk 12.8.7 ht
@UjlakiMarci
23 Sept 2025
100 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
[CVE-2025-26399: CRITICAL] SolarWinds Web Help Desk exposed to unauthenticated AjaxProxy deserialization vulnerability allowing remote code execution on host machine, an exploit bypassing CVE-2024-28988 and ...#cve,CVE-2025-26399,#cybersecurity https://t.co/pXeuC8QJKC https://t.c
@CveFindCom
23 Sept 2025
101 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46BAB832-25B8-4ED6-B209-759F4B470CCE",
"versionEndIncluding": "12.8.6"
},
{
"criteria": "cpe:2.3:a:solarwinds:web_help_desk:12.8.7:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B88A115F-EDE4-447D-A35B-902A4074824A"
}
],
"operator": "OR"
}
]
}
]