Identified as CVE-2025-26399, this flaw in SolarWinds Web Help Desk (WHD) allows an unauthenticated attacker to exploit the AjaxProxy component’s deserialization of untrusted data, enabling remote code execution on the host machine.
Rated 9.8 (Critical), the vulnerability represents a patch bypass for prior fixes (CVE-2024-28988 and CVE-2024-28986), underscoring its severity and the importance of promptly applying the hotfix.
The root cause of CVE-2025-26399 lies in the AjaxProxy module, which processes serialized Java objects without proper validation.
An attacker can craft malicious serialized payloads that, when sent to the component, trigger arbitrary code execution.
| CVE ID | Vulnerability Title | Severity |
| --- | --- | --- |
| CVE-2025-26399 | AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability | 9.8 (Critical) |
Because the vulnerability is unauthenticated, no valid credentials are required to launch an attack, making it particularly dangerous for Internet-exposed WHD instances.
Successful exploitation grants complete control over the affected server, including the ability to escalate privileges, execute system commands, and pivot to other parts of the enterprise network.
Trend Micro Zero Day Initiative researchers, working anonymously with SolarWinds, reported the issue and collaborated with engineering teams to develop a robust patch that effectively mitigates this bypass.
Web Help Desk 12.8.7 Hotfix 1 supplements the base 12.8.7 release by adding new libraries and updating core components to remediate the AjaxProxy deserialization flaw.
The hotfix introduces HikariCP.jar into the <WebHelpDesk>/bin/webapps/helpdesk/WEB-INF/lib directory and replaces whd-core.jar, whd-web.jar, and whd-persistence.jar with patched versions.
To install the hotfix, administrators must first stop the WHD service and back up and remove the existing c3p0.jar, whd-core.jar, whd-web.jar, and whd-persistence.jar files.
They then copy the new hotfix files into the same lib directory and restart the application.
Detailed installation instructions and links to both the hotfix download and the broader 12.8.7 Release Notes are available on the SolarWinds documentation portal.
The hotfix requires Web Help Desk 12.8.7 as a prerequisite and supports installations on macOS, Windows, and Linux platforms.
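One way to confirm that the file changes described above actually landed on a server, as an added example that is not SolarWinds code: it checks that c3p0.jar is gone and that HikariCP.jar and the three whd-*.jar files in WEB-INF/lib are byte-identical to the copies in the unpacked hotfix. The function names and the "unpacked hotfix directory" argument are assumptions; the jar names are the ones listed above.

```python
import hashlib
import sys
from pathlib import Path

# Jar names as listed in the hotfix description above.
REMOVED = ["c3p0.jar"]
INSTALLED = ["HikariCP.jar", "whd-core.jar", "whd-web.jar", "whd-persistence.jar"]


def sha256(path: Path) -> str:
    """Hash a file in chunks so large jars are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_lib(lib_dir, hotfix_dir):
    """Return a list of findings; an empty list means lib matches the hotfix."""
    lib, hotfix = Path(lib_dir), Path(hotfix_dir)
    findings = []
    for name in REMOVED:
        if (lib / name).exists():
            findings.append(f"{name}: still present, should have been removed")
    for name in INSTALLED:
        installed, reference = lib / name, hotfix / name
        if not reference.is_file():
            findings.append(f"{name}: not found in unpacked hotfix, cannot compare")
        elif not installed.is_file():
            findings.append(f"{name}: missing from lib directory")
        elif sha256(installed) != sha256(reference):
            findings.append(f"{name}: differs from hotfix copy (old or modified jar)")
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} <WEB-INF/lib dir> <unpacked hotfix dir>")
    problems = audit_lib(sys.argv[1], sys.argv[2])
    for problem in problems:
        print("FAIL", problem)
    if not problems:
        print("OK: lib directory matches the hotfix files")
    sys.exit(1 if problems else 0)
```

The script exits non-zero when any finding is reported, so it can be run across several WHD hosts from a configuration-management job to spot servers where the hotfix was only partly applied.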
Organizations using Web Help Desk must treat this update as urgent. Customers who installed version 12.8.7 should immediately download and apply Hotfix 1 to avoid exposure to this critical vulnerability.
For new installations, administrators are advised to use the latest installer from the SolarWinds website or Customer Portal and then apply any subsequent hotfixes.
SolarWinds also recommends reviewing the WHD Installation and Upgrade Guide to ensure compatibility with supported operating systems and to verify whether additional configuration, such as enabling FIPS mode, is required.
After applying the hotfix, teams should conduct a full security assessment of WHD instances, checking for signs of exploitation and ensuring that all endpoints are fully patched.
Continuous monitoring of official SolarWinds release notes is essential to stay informed about any further updates or advisory notices.
The post Privilege Escalation Vulnerability Discovered in SolarWinds Web Help Desk appeared first on Cyber Security News.