SolarWinds Web Help Desk Vulnerability Enables Unauthenticated RCE

SolarWinds has released an urgent security advisory for a critical vulnerability in its Web Help Desk software that could allow an unauthenticated attacker to achieve remote code execution (RCE).

The flaw, tracked as CVE-2025-26399, carries a critical severity rating of 9.8 out of 10, highlighting the severe risk it poses to affected systems. The vulnerability stems from the deserialization of untrusted data within the AjaxProxy component of the software.

According to the advisory, the vulnerability allows a remote attacker to execute arbitrary commands on the host machine without needing any credentials.

This issue is particularly concerning as it is a patch bypass for two previously addressed vulnerabilities, CVE-2024-28988 and CVE-2024-28986.

This recurrence suggests a persistent weakness in the software’s handling of serialized data, allowing security researchers to find new ways to exploit the same underlying problem.

SolarWinds has credited an anonymous researcher working with Trend Micro’s Zero Day Initiative for discovering and responsibly disclosing this latest iteration of the flaw.

Mitigations

In response to the discovery, SolarWinds has issued Web Help Desk 12.8.7 Hotfix 1. The company strongly urges all customers who have downloaded and installed version 12.8.7 to apply this hotfix immediately to mitigate the risk of exploitation.

The patch addresses the vulnerability by modifying several core files, including whd-core.jar, whd-web.jar, and whd-persistence.jar, and adding the HikariCP.jar file.

Administrators are instructed to stop the Web Help Desk service, back up and replace the specified files, and then restart the service to complete the installation.

Failure to apply the hotfix leaves systems exposed to potential takeover by remote attackers.
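
The back-up-and-replace step described above can be scripted so that it refuses to run on an incomplete hotfix bundle and confirms every file landed intact. This is an added example, not SolarWinds tooling or part of the original article; the three directory arguments are assumptions (the article gives no install paths), and stopping and restarting the service is left to the vendor's own instructions.

```shell
#!/bin/sh
# Added example: stage the jars named in the article with a backup and a
# post-copy integrity check. LIB_DIR, HOTFIX_DIR and BACKUP_DIR are
# assumptions; take the real locations from the vendor's hotfix readme.

REPLACED="whd-core.jar whd-web.jar whd-persistence.jar"  # replaced by the hotfix
ADDED="HikariCP.jar"                                      # added by the hotfix

# apply_hotfix LIB_DIR HOTFIX_DIR BACKUP_DIR
# Run only while the Web Help Desk service is stopped.
apply_hotfix() {
  lib=$1; hot=$2; bak=$3
  # 1. Pre-flight: every hotfix file must be present and non-empty, and
  #    every file to be replaced must exist (otherwise LIB_DIR is wrong).
  for f in $REPLACED $ADDED; do
    [ -s "$hot/$f" ] || { echo "missing hotfix file: $f" >&2; return 2; }
  done
  for f in $REPLACED; do
    [ -f "$lib/$f" ] || { echo "not found in target: $f" >&2; return 3; }
  done
  # 2. Back up the originals before touching anything.
  mkdir -p "$bak" || return 4
  for f in $REPLACED; do
    cp -p "$lib/$f" "$bak/$f" || return 4
  done
  # 3. Copy each file and compare it byte for byte; roll back on failure.
  for f in $REPLACED $ADDED; do
    cp "$hot/$f" "$lib/$f" && cmp -s "$hot/$f" "$lib/$f" || {
      echo "copy failed for $f, restoring backup" >&2
      for b in $REPLACED; do cp -p "$bak/$b" "$lib/$b"; done
      rm -f "$lib/$ADDED"
      return 5
    }
  done
}

# hotfix_applied LIB_DIR HOTFIX_DIR
# Returns 0 only if all four jars in LIB_DIR match the hotfix copies,
# which makes it usable as a fleet-wide audit check after patching.
hotfix_applied() {
  for f in $REPLACED $ADDED; do
    [ -f "$1/$f" ] && cmp -s "$1/$f" "$2/$f" || return 1
  done
}
```
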

The post SolarWinds Web Help Desk Vulnerability Enables Unauthenticated RCE appeared first on Cyber Security News.