CVE-2025-26399 is a critical Remote Code Execution (RCE) vulnerability found in SolarWinds Web Help Desk. It allows unauthenticated attackers to remotely execute arbitrary commands on the host machine. This vulnerability is especially concerning as it represents a third-level patch bypass, following CVE-2024-28986 and CVE-2024-28988, indicating persistent weaknesses in prior fixes.
No authentication or user interaction is required.
Customers running affected products should immediately download & install 12.8.7 HF1.Steps on how to apply the hotfix is available at βhttps://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm
Enjoyed reading this Threat Intelligence Advisory? Stay updated with our latest exclusive content by following us on Twitter and LinkedIn
No related posts found.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
This website uses the following additional cookies:
(List the cookies that you are using on the website here.)
More information about our Cookie Policy
