CVE-2025-26399

Published Sep 23, 2025

Last updated 14 hours ago

CVSS critical 9.8
SolarWinds Web Help Desk
Supply chain

Overview

Description
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
Source
psirt@solarwinds.com
NVD status
Modified
Products
web_help_desk

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

psirt@solarwinds.com
CWE-502

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

9

  1. 🔍 𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐕𝐄 𝐛𝐫𝐞𝐚𝐤𝐝𝐨𝐰𝐧 𝐚𝐯𝐚𝐢𝐥𝐚𝐛𝐥𝐞 𝐧𝐨𝐰! Discover why CVE-2025-26399 SolarWinds exploit is a critical threat driving active exploitation and how organizations can patch quickly to limit dama

    @PurpleOps_io

    10 Mar 2026

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-26399 #SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability https://t.co/DvIian246S

    @ScyScan

    10 Mar 2026

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 米国サイバーセキュリティ・社会基盤安全保障庁(CISA)の既知の悪用された脆弱性カタログに3件の脆弱性が追加。Omnissa Workspace ONEのCVE-2021-22054、SolarWinds Web Help DeskのCVE-2025-26399、Ivanti Endpoint Manager (EPM)のCVE-2026-160

    @__kokumoto

    9 Mar 2026

    2887 Impressions

    1 Retweet

    2 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  4. 🛡️ We added Omnissa Workspace ONE UEM vulnerability CVE-2021-22054, SolarWinds Web Help Desk vulnerability CVE-2025-26399, & Ivanti Endpoint Manager vulnerability CVE-2026-1603 to our KEV Catalog. Visit https://t.co/myxOwap1Tf for more information. #Cybersecurity #InfoSe

    @CISACyber

    9 Mar 2026

    2462 Impressions

    5 Retweets

    17 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  5. ⚠️ Vulnerabilidad en productos SolarWinds ❗ CVE-2025-26399 ➡️ Más info: https://t.co/gWjwuUixb6 https://t.co/9Z108rO8XX

    @CERTpy

    10 Feb 2026

    102 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Active exploitation of SolarWinds Web Help Desk (CVE-2025-26399, CVE-2025-40551): actors deployed Zoho ManageEngine RMM and Velociraptor via MSIs staged on Catbox and Supabase; affected versions prior to 12.8.7 HF1. #solarwinds #velociraptor #zoho https://t.co/BlZ01sATAW

    @hasamba

    10 Feb 2026

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Critical Solarwinds vulns are being actively exploited. Extensive info, incl. fix info, at SecAlerts: CVE-2025-40551 (CVSS 9.8) - https://t.co/naxlLilyde CVE-2025-26399 (CVSS 9.8) - https://t.co/oLzBFWDokL #ciso #cio #cto #vulnerabilities #cybersecurity #msp #mssp #solarwinds

    @SecAlertsCo

    10 Feb 2026

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2025-26399 / CVE-2025-40551 / CVE-2025-40536  ⚠️ SolarWinds Web Help Desk – Actively Exploited RCE  SolarWinds Web Help Desk (WHD) installations exposed to the internet are being actively exploited via unauthenticated remote code execution.  Observed intrusions sho

    @modat_magnify

    9 Feb 2026

    144 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 SolarWinds Web Help Desk RCE Exploited to Drop Zoho Assist, Velociraptor, and Cloudflared Tunnels Attackers are actively exploiting SolarWinds Web Help Desk deserialization flaws (notably CVE-2025-40551 / CVE-2025-26399, plus related CVE-2025-40536) to gain unauthenticated

    @ThreatSynop

    9 Feb 2026

    74 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  10. New activity on our radar: Active Exploitation of SolarWinds Web Help Desk CVE-2025-26399. Worth keeping an eye on as this develops. Full analysis: https://t.co/b6vzaY7kNN #ThreatIntel #InfoSec #OTX #

    @TomarPrateek23

    9 Feb 2026

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Top 5 Trending CVEs: 1 - CVE-2025-43300 2 - CVE-2026-20952 3 - CVE-2026-25253 4 - CVE-2025-26399 5 - CVE-2026-21509 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    9 Feb 2026

    134 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Active Exploitation of SolarWinds Web Help Desk (CVE-2025-26399) | Huntress https://t.co/5hEcniKB74 #CyberSecurity

    @EpicPlain

    9 Feb 2026

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 【脆弱性悪用】SolarWinds Web Help Deskの積極的な悪用を確認、攻撃者は自前SIEMで被害者を管理 Huntressは、SolarWinds Web Help Desk(WHD)の脆弱性CVE-2025-26399を悪用した攻撃を3顧客で確認した。12.8.7

    @nakajimeeee

    9 Feb 2026

    583 Impressions

    1 Retweet

    7 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  14. We investigated threat actors actively exploiting SolarWinds Web Help Desk (CVE-2025-26399)...and the tradecraft is unhinged. 🔎 If you run SolarWinds WHD, patch to 2026.1. Now. This write-up is only part of what we uncovered: https://t.co/TPh2EnWmsy More to come. 👀

    @HuntressLabs

    8 Feb 2026

    8977 Impressions

    14 Retweets

    43 Likes

    12 Bookmarks

    2 Replies

    1 Quote

  15. New blog on a Sunday, sheesh… We caught threat actors actively exploiting SolarWinds Web Help Desk (CVE-2025-26399) The tradecraft is wild - Velociraptor as C2, Zoho Assist, Cloudflare tunnels, QEMU SSH backdoors, and the attacker built their own Elastic Cloud instance to

    @RussianPanda9xx

    8 Feb 2026

    26867 Impressions

    61 Retweets

    260 Likes

    94 Bookmarks

    7 Replies

    5 Quotes

  16. Microsoft Defender 연구팀은 SolarWinds Web Help Desk(WHD)의 취약점을 악용한 실제 공격 사례를 발견 현재 추가 조사를 통해 악용된 실제 취약점( CVE-2025-40551 (신뢰할 수 없는 데이터 역직렬화), CVE-2025-40536 (보안 제어 우회),

    @ngnicky

    7 Feb 2026

    124 Impressions

    0 Retweets

    0 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  17. Analysis of active exploitation of SolarWinds Web Help Desk - https://t.co/InJP6reBJn #threatintel #solarwinds-web-help-desk #cve-2025-40551 #cve-2025-40536 #cve-2025-26399 #rce-exploitation

    @RedPacketSec

    7 Feb 2026

    96 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Cytellite recent detection targeting CVE-2025-26399 — ZEN-ECN Visit -- https://t.co/tNIgT9lXcb #Loginsoft #Cytellite #Cybersecurity #CVE202526399 #LOVI #ThreatIntelligence #Infosecurity #AI https://t.co/VJsGtUHdiF

    @Loginsoft_Intel

    6 Jan 2026

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. #VulnerabilityReport #CVE202526399 CVE-2025-26399 (CVSS 9.8): SolarWinds Web Help Desk Hit by Critical RCE Vulnerability https://t.co/Ns269NV4bo

    @Komodosec

    30 Oct 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Actively exploited CVE : CVE-2025-26399

    @transilienceai

    12 Oct 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. ''SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw'' #infosec #pentest #redteam #blueteam https://t.co/swNfVamvJf

    @CyberWarship

    3 Oct 2025

    1286 Impressions

    1 Retweet

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  22. SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw SolarWinds has released hot fixe 𝗗𝗼𝗻'𝘁 𝗺𝗶𝘀𝘀 𝗼𝘂𝘁 𝗼𝗻 𝗼𝘂𝗿 𝘁𝘄𝗲𝗲𝘁𝘀. 𝗙𝗼𝗹𝗹𝗼𝘄 𝘁𝗼𝗱𝗮𝘆! @thehackersnews @edge

    @Edgeitech

    1 Oct 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 🚨 SolarWinds lanza parche urgente (CVE-2025-26399) RCE crítica (CVSS 9.8) en Web Help Desk. 🔁 Tercer intento de mitigar el fallo. 📌 ¡Actualiza a 12.8.7 HF1 ya! #Ciberseguridad #SolarWinds #Infosec https://t.co/H8z4mEu53i

    @trustlock_sec

    1 Oct 2025

    37 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  24. CRITICAL: SolarWinds CVE-2025-26399 exposes Orion Platform to authentication bypass attacks (versions 2024.2 and earlier affected). CORTEX Analysis: Echoes of 2020 SUNBURST—Orion must be treated as Tier-0 asset. Emergency patching + strict segmentation required. #SolarWinds h

    @the_c_protocol

    30 Sept 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. “SolarWinds Web Help Desk”də boşluq (CVE-2025-26399) aşkar olunub. #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/66eUXzzZ0Q

    @CERTAzerbaijan

    29 Sept 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. شركة SolarWinds تصدر تحديثًا عاجلًا لسد ثـ ـغرة تنفيذ الأوامر عن بُعد CVE-2025-26399 التفاصيل.. https://t.co/vkIpi7dzFB #مركز_الأمن_السيبراني_للابحاث_والدراسات https://t.co/RAD315t4p8

    @ccforrs

    29 Sept 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. CRITICAL SOLARWINDS ALERT! An Unauthenticated RCE Flaw (CVE-2025-26399) in Web Help Desk allows total remote system takeover. No credentials needed for attackers. Full report on - https://t.co/ZKE2PEFVCM https://t.co/wP571ilYsO

    @cyberbivash

    28 Sept 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. SolarWinds issued a hotfix for CVE-2025-26399, a critical unauth RCE in Web Help Desk (AjaxProxy deserialization). It’s a patch bypass of CVE-2024-28988 → itself a bypass of CVE-2024-28986 (added to CISA KEV). Update now to Web Help Desk 12.8.7 HF1.

    @cyber_sec_raj

    27 Sept 2025

    72 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. ⚠️Vulnerabilidad en productos SolarWinds ❗CVE-2025-26399 ➡️Más info: https://t.co/IRoiJMTEmP https://t.co/4SbL7hxtRc

    @CERTpy

    26 Sept 2025

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. SolarWinds releases third hotfix for Web Help Desk 12.8.7 to fix critical RCE vulnerability CVE-2025-26399 caused by unsafe deserialization, allowing unauthenticated exploits without user interaction. #RemoteCode #SolarWinds #USA https://t.co/XoLHTQQAcF

    @TweetThreatNews

    25 Sept 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. SolarWinds issued a new patch for Java deserialization flaw CVE-2025-26399 in Web Help Desk, bypassing previous patches. The vulnerability in AjaxProxy allows remote code execution. Trend Micro discovered the patch bypass. Experts caution against blacklist approaches, predicting

    @bigmacd16684

    25 Sept 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 📢SolarWinds ออก Hotfix แก้ไขช่องโหว่ CVE-2025-26399 ใน Web Help Desk #NCSA #CybersecurityNew สามารถติดตามข่าวสารได้ที่ https://t.co/HCsLrrYz4c https://t.co/pOefWEKQTH

    @ThaiCERTByNCSA

    25 Sept 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. SolarWinds、Webヘルプデスクの重大なRCE脆弱性(CVE-2025-26399)を修正 SolarWinds fixes critical Web Help Desk RCE vulnerability (CVE-2025-26399) #HelpNetSecurity (Sep 24) https://t.co/5T6vFVZCIX

    @foxbook

    24 Sept 2025

    18 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  34. #SolarWinds Releases Hotfix for Critical CVE-2025-26399 #Remote_Code_Execution #Flaw #Vulnerabilities https://t.co/IwU6OXQEqI https://t.co/meQef2oGgI

    @omvapt

    24 Sept 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. به تازگی برای محصول SolarWinds Web Help Desk یا همان WHD آسیب پذیری با کد شناسایی CVE-2025-26399 و از نوع privilege escalation منتشر شده است که به هکرها امکان اجرای کد بر روی سیستم های آ

    @AmirHossein_sec

    24 Sept 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. #SolarWinds fixes critical Web Help Desk RCE #vulnerability (#CVE-2025-26399) https://t.co/GRNVF0GEB3

    @ScyScan

    24 Sept 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 🚨 حفره بحرانی CVE-2025-26399 در SolarWinds Web Help Desk با امتیاز 9.8 اجازه اجرای کد از راه دور را می‌دهد. همین حالا پچ کنید! ⚠️ #Cybersecurity #Cybersecurity_News #اخبار_امنیت_سایبری #CVE_202

    @vulnerbyte

    24 Sept 2025

    21 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  38. CVE-2025-26399 (CVSS 9.8): SolarWinds Web Help Desk Hit by Critical RCE Vulnerability https://t.co/d6T0W8CLan

    @akaclandestine

    24 Sept 2025

    1153 Impressions

    2 Retweets

    7 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  39. SolarWinds Patches Critical CVE-2025-26399 Remote Code Execution Flaw #SolarWinds #CVE202526399 #CyberSecurity #RemoteCodeExecution #Vulnerability #InfoSec #PatchUpdate #WebHelpDesk #DataSecurity #CVE https://t.co/OOpht1XyVe

    @cyashadotcom

    24 Sept 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. SolarWinds Web Help Deskの重大なCVE-2025-26399脆弱性と対策 https://t.co/WGrzLlDkAy #Security #セキュリティー #ニュース

    @SecureShield_

    24 Sept 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. شرکت (SolarWinds) برای رفع آسیب‌پذیری امنیتی بحرانی در نرم‌افزار Web Help Desk خود که امکان اجرای دستورات دلخواه توسط مهاجمان را فراهم می‌کند، به‌روزرسانی‌های اض

    @Teeegra

    24 Sept 2025

    1031 Impressions

    0 Retweets

    13 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  42. SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw #lost32x #Cybersecurity #cve2025 https://t.co/WVgmNCwvtp

    @lost32x_

    23 Sept 2025

    79 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. CVE-2025-26399 https://t.co/iCA4a65ZXL

    @_subTee

    23 Sept 2025

    14 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Security Bulletin: SolarWinds Web Help Desk RCE – CVE-2025-26399 (CVSS 9.8) allows unauthenticated deserialization → SYSTEM-level code execution via AjaxProxy. Patch to 12.8.7 HF1 now. #ThreatIntel #RedLeggCTI #SolarWinds https://t.co/zlsQ8BrOAN

    @RedLegg

    23 Sept 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. Cyble reveals 22 actively exploited vulnerabilities, including 9 absent from CISA's KEV catalog. Ransomware targets 10 flaws; new SolarWinds CVE-2025-26399 bypasses prior patches. #CVE2025-26399 #MedusaLocker #USA https://t.co/D47HEDmMCT

    @TweetThreatNews

    23 Sept 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. SolarWinds issues a third hotfix for CVE-2025-26399, a critical Java deserialization RCE in Web Help Desk that bypasses prior CVE-2024-28988 patch. Discovered by Trend Micro ZDI. #SolarWindsPatch #JavaFlaw #USA https://t.co/J8kOuo51B5

    @TweetThreatNews

    23 Sept 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. 🚨 A new critical vulnerability (CVE-2025-26399) in SolarWinds Web Help Desk has surfaced, rated a shocking 9.8 on the CVSS scale! Unauthenticated remote code execution is here. Are you prepared? #Cybersecurity #RiskManagement https://t.co/UFUUQdJXiL

    @Cyb3r_5wift

    23 Sept 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. 🚨 Urgent: SolarWinds has released a hotfix for the critical CVE-2025-26399 Remote Code Execution flaw. Update your systems ASAP! #SolarWinds #PatchNow https://t.co/Tg3ekjxiJn

    @xcybersecnews

    23 Sept 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. SolarWinds Releases Hotfix for Critical #CVE-2025-26399 Remote Code Execution #flaw https://t.co/rR0MITP5Ds

    @AdliceSoftware

    23 Sept 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw https://t.co/DsE4TIGzu8 https://t.co/CiCd2KlDYu

    @talentxfactor

    23 Sept 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.CVE-2025-40551
  2. SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.CVE-2025-40553
  3. SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.CVE-2025-40554
  4. SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.CVE-2025-40552
  5. SolarWinds Web Help Desk Security Control Bypass VulnerabilityCVE-2025-40536

References

Sources include official advisories and independent security research.