{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2025-034.pdf"
    },
    "title": "Critical Vulnerability in SolarWinds Web Help Desk",
    "serial_number": "2025-034",
    "publish_date": "24-09-2025 15:35:06",
    "description": "On September 17, 2025, SolarWinds released a security advisory addressing a critical vulnerability in its Web Help Desk product. The fix provided as part of this advisory is a patch bypass of CVE-24-28988, which in turn is a patch bypass of CVE-2024-28986.<br>\nIt is recommended updating affected assets as soon as possible.<br>\n",
    "url_title": "2025-034",
    "content_markdown": "---    \ntitle: 'Critical Vulnerability in\u00a0SolarWinds\u00a0Web\u00a0Help\u00a0Desk'\nnumber: '2025-034'\nversion: '1.0'\noriginal_date: '2025-09-17'\ndate: '2025-09-24'\n---\n\n_History:_\n\n* _24/09/2025 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn September 17, 2025, SolarWinds released a security advisory addressing a critical vulnerability in its Web Help Desk product. The fix provided as part of this advisory is a patch bypass of CVE-24-28988, which in turn is a patch bypass of CVE-2024-28986 [1].\n\nIt is recommended updating affected assets as soon as possible.\n\n# Technical Details\n\nThe vulnerability **CVE-2025-26399**, with a CVSS score of 9.8, an unauthenticated AjaxProxy deserialisation remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine [1].\n\n# Affected Products\n\nSolarWinds Web Help Desk 12.8.7 and all previous versions are affected by this vulnerability.\n\n# Recommendations\n\nIt is recommended updating affected assets as soon as possible.\n\n# References\n\n[1] <https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399>",
    "content_html": "<p><em>History:</em></p><ul><li><em>24/09/2025 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On September 17, 2025, SolarWinds released a security advisory addressing a critical vulnerability in its Web Help Desk product. The fix provided as part of this advisory is a patch bypass of CVE-24-28988, which in turn is a patch bypass of CVE-2024-28986 [1].</p><p>It is recommended updating affected assets as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <strong>CVE-2025-26399</strong>, with a CVSS score of 9.8, an unauthenticated AjaxProxy deserialisation remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine [1].</p><h2 id=\"affected-products\">Affected Products</h2><p>SolarWinds Web Help Desk 12.8.7 and all previous versions are affected by this vulnerability.</p><h2 id=\"recommendations\">Recommendations</h2><p>It is recommended updating affected assets as soon as possible.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399\">https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}