Threat Intelligence / CVE / CVE-2025-26399
CVE-2025-26399
CISA KEVSolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses (CWE)
CWE-502
Threats tracking this CVE
References
- https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26399
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-26399
- https://www.microsoft.com/en-us/security/blog/2026/02/06/active-exploitation-solarwinds-web-help-desk/
Full detection coverage & IOCs for threats exploiting CVE-2025-26399 are available via the Threadlinqs MCP server (Purple tier). View plans →