SolarWinds Patches Critical RCE Flaw in Web Help Desk

SolarWinds has released a critical security update to address a newly discovered unauthenticated remote code execution vulnerability, identified as CVE-2025-26399, within its Web Help Desk software. This widely used IT ticketing and asset management platform requires immediate patching to prevent potential system compromise. Although there are no current reports of active exploitation, security experts warn that threat actors could quickly develop an exploit by reverse-engineering the provided hotfix.

The flaw resides in the AjaxProxy class, where inadequate validation of user-supplied data enables the deserialization of untrusted information. This weakness allows remote attackers to run arbitrary code on affected installations without needing any form of authentication. A successfully exploited system could expose highly sensitive organizational data, given the central role Web Help Desk plays in IT operations.

This specific vulnerability impacts SolarWinds Web Help Desk version 12.8.7. The company has issued a corrective update in version 12.8.7 Hotfix 1 to resolve the issue. The situation carries significant urgency because CVE-2025-26399 represents a patch bypass for a previous vulnerability, CVE-2024-28988, which itself was a bypass for an earlier flaw, CVE-2024-28986. That original vulnerability saw in-the-wild attacks shortly after a patch was made available, setting a concerning precedent.

On a positive note, a public proof-of-concept exploit for this latest flaw is not yet available. This provides a crucial window of opportunity for administrators to apply the update before attackers can weaponize the vulnerability. Prompt action is strongly recommended to secure IT infrastructure against this serious threat.

(Source: HelpNet Security)