Thursday, September 25, 2025

SolarWinds has released a hotfix to address a critical vulnerability tracked as CVE-2025-26399 (CVSS 9.8) affecting Web Help Desk. If successfully exploited, the flaw could allow attackers to perform remote code execution (RCE) on affected servers. The vulnerability stems from the deserialization of untrusted data within the AjaxProxy module and impacts Web Help Desk version 12.8.7 and earlier.
The flaw was discovered by researchers working with the Trend Micro Zero Day Initiative (ZDI), who noted that CVE-2025-26399 is a patch bypass for CVE-2024-28988 (CVSS 9.8), which was itself a bypass of CVE-2024-28986, fixed in August 2024. In other words, the two earlier fixes did not fully close the underlying issue, and a server patched for them is still exposed to the same class of attack. The root cause is insufficient validation of user-supplied input, which allows untrusted data to be deserialized and, without any authentication, can lead to code execution in the context of the SYSTEM account.
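The following is an added illustration, written for this page and not code from SolarWinds or Web Help Desk, of the bug class the advisory describes and of the defence-in-depth control a Java application can apply regardless of which specific gadget a patch happened to block. Web Help Desk is a Java application, and the class name `TicketUpdate`, the field layout, and the sample payloads are all assumptions made up for the demo. The unfiltered reader accepts whatever class the bytes name, which is what makes a blocklist-style fix bypassable; the filtered reader uses a JEP 290 allow-list (`java.io.ObjectInputFilter`, Java 9 and later) so that anything other than the one expected type is rejected before its constructor-free instantiation begins.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;

public class DeserializationFilterDemo {

    // Hypothetical application type that an endpoint legitimately expects to receive.
    static final class TicketUpdate implements Serializable {
        private static final long serialVersionUID = 1L;
        final int ticketId;
        final String note;
        TicketUpdate(int ticketId, String note) { this.ticketId = ticketId; this.note = note; }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // VULNERABLE pattern: readObject() on attacker-controlled bytes with no filter.
    // Any Serializable class on the classpath can be instantiated; a usable gadget
    // chain on that classpath turns this into code execution as the server account.
    static Object readUnfiltered(byte[] untrusted) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            return ois.readObject();
        }
    }

    // HARDENED pattern: an allow-list filter. Only the expected class (plus String for
    // its field) may be deserialized; "!*" rejects every other class, and the limits
    // cap nesting depth and stream size to blunt resource-exhaustion payloads.
    static Object readFiltered(byte[] untrusted) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
            "DeserializationFilterDemo$TicketUpdate;java.lang.String;maxdepth=4;maxbytes=4096;!*");
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: one legitimate object, one of an unexpected type.
        byte[] expected = serialize(new TicketUpdate(42, "constructed sample note"));
        Map<String, String> unexpected = new HashMap<>();   // stand-in for a gadget class
        unexpected.put("k", "v");
        byte[] hostile = serialize(unexpected);

        System.out.println("unfiltered, expected type : " + readUnfiltered(expected).getClass().getName());
        System.out.println("unfiltered, unexpected    : " + readUnfiltered(hostile).getClass().getName());
        System.out.println("filtered,   expected type : " + readFiltered(expected).getClass().getName());
        try {
            readFiltered(hostile);
            System.out.println("filtered,   unexpected    : ACCEPTED (filter misconfigured)");
        } catch (InvalidClassException e) {
            // The allow-list rejects the class before any of its code runs.
            System.out.println("filtered,   unexpected    : rejected (" + e.getMessage() + ")");
        }
    }
}
```

The same allow-list can be applied process-wide with the standard `-Djdk.serialFilter=...` JVM option, which is a reasonable interim control for a third-party application whose endpoints you cannot modify. It is defence in depth, not a substitute for the vendor hotfix: the filter only narrows which classes the endpoint will reconstruct, and the repeated bypasses in this CVE chain are exactly the pattern you get when a fix blocks particular gadgets instead of rejecting everything that is not expected.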
Although there have been no reports of active exploitation so far, SolarWinds strongly recommends that users update to Web Help Desk 12.8.7 HF1 immediately to mitigate the risk. It is worth noting that the first vulnerability in this chain, CVE-2024-28986, was added to CISA's Known Exploited Vulnerabilities (KEV) Catalog shortly after disclosure, a listing that requires evidence of in-the-wild exploitation, so attackers have already demonstrated interest in this code path and the latest flaw is a likely target as well. After applying the hotfix, confirm the reported version on each instance, and keep the Web Help Desk interface off the public internet where the deployment allows it.
Source https://thehackernews.com/2025/09/solarwinds-releases-hotfix-for-critical.html