SolarWinds has issued an urgent security advisory for a critical vulnerability in its Web Help Desk software that could allow an unauthenticated attacker to gain remote code execution (RCE).
The flaw, tracked as CVE-2025-26399, carries a critical severity score of 9.8 out of 10, reflecting the severe risk it poses to affected systems. The vulnerability stems from the deserialization of untrusted data in the software's AjaxProxy component.
According to the advisory, the vulnerability allows a remote attacker to execute arbitrary commands on the host machine without needing any credentials.
The issue is especially concerning because it is a patch bypass for two previously addressed vulnerabilities, CVE-2024-28988 and CVE-2024-28986.
This recurrence points to a persistent weakness in how the software handles serialized data, which has let security researchers keep finding new ways to exploit the same underlying problem.
SolarWinds has credited an anonymous researcher working with Trend Micro's Zero Day Initiative for discovering and responsibly disclosing this latest iteration of the flaw.
Mitigations
In response to the discovery, SolarWinds has released Web Help Desk 12.8.7 Hotfix 1. The company strongly urges all customers who have downloaded and installed version 12.8.7 to apply this hotfix immediately to mitigate the risk of exploitation.
The patch addresses the vulnerability by replacing several core files, including whd-core.jar, whd-web.jar and whd-persistence.jar, and adding the HikariCP.jar file.
Administrators are instructed to stop the Web Help Desk service, back up and replace the specified files, and then restart the service to complete the installation. Keeping the backed-up copies of the original jars allows a rollback if the service fails to start after the swap.
Failure to apply the hotfix leaves systems exposed to potential takeover by remote attackers.
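The stop, back up, replace and restart procedure above, written out as a POSIX shell script. This is an added example for this page, not a script shipped by SolarWinds or taken from the advisory: the install layout (a lib directory under the install root holding the jars), the name of the service control script (whd) and the layout of the unpacked hotfix directory are assumptions that must be adjusted to the real installation. The only facts it takes from the advisory are the three jars that are replaced and the one that is added; it refuses to touch anything if a hotfix file is missing, so a half-applied update is never left behind, and it checks the copied files byte for byte before restarting.

```shell
#!/bin/sh
# Added example: applies the Web Help Desk 12.8.7 Hotfix 1 file swap described in
# the article. Install paths, the service control script and the hotfix directory
# layout are ASSUMPTIONS, not taken from the SolarWinds advisory; adjust them first.

set -u

# Jars the advisory says the hotfix replaces, and the one it adds.
WHD_REPLACED_JARS="whd-core.jar whd-web.jar whd-persistence.jar"
WHD_ADDED_JARS="HikariCP.jar"

# Service hooks. Assumption: an init-style control script named "whd" lives in
# the install root; replace with your service manager's commands if different.
whd_stop()  { "$1/whd" stop;  }
whd_start() { "$1/whd" start; }

# apply_hotfix LIB_DIR HOTFIX_DIR BACKUP_DIR
# Verifies every hotfix file is present, backs up each jar that will be
# replaced, then copies all hotfix jars into LIB_DIR. Returns 1 on any
# problem so the caller never restarts a partially patched install.
apply_hotfix() {
  lib="$1"; hotfix="$2"; backup="$3"
  for jar in $WHD_REPLACED_JARS $WHD_ADDED_JARS; do
    [ -f "$hotfix/$jar" ] || { echo "missing in hotfix: $jar" >&2; return 1; }
  done
  for jar in $WHD_REPLACED_JARS; do
    [ -f "$lib/$jar" ] || { echo "expected jar not found: $lib/$jar" >&2; return 1; }
  done
  mkdir -p "$backup" || return 1
  for jar in $WHD_REPLACED_JARS; do
    cp -p "$lib/$jar" "$backup/$jar" || return 1    # keep originals for rollback
  done
  for jar in $WHD_REPLACED_JARS $WHD_ADDED_JARS; do
    cp -p "$hotfix/$jar" "$lib/$jar" || return 1    # replace three, add HikariCP
  done
  return 0
}

# verify_hotfix LIB_DIR HOTFIX_DIR
# Confirms each installed jar is byte-identical to the hotfix copy.
verify_hotfix() {
  lib="$1"; hotfix="$2"
  for jar in $WHD_REPLACED_JARS $WHD_ADDED_JARS; do
    cmp -s "$hotfix/$jar" "$lib/$jar" || return 1
  done
  return 0
}

# run_hotfix_procedure WHD_HOME HOTFIX_DIR
# The full sequence from the advisory: stop, back up and replace, restart.
# Assumption: WHD_HOME/lib holds the jars.
run_hotfix_procedure() {
  home="$1"; hotfix="$2"
  backup="$home/backup-$(date +%Y%m%d%H%M%S)"
  whd_stop "$home" || return 1
  apply_hotfix "$home/lib" "$hotfix" "$backup" || return 1
  verify_hotfix "$home/lib" "$hotfix" || return 1
  whd_start "$home"
}
```

Run it as `run_hotfix_procedure /path/to/webhelpdesk /path/to/unpacked-hotfix` after checking the assumed paths; if `verify_hotfix` fails or the service does not come back, the timestamped backup directory holds the three original jars for a rollback.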