All news with #solarwinds tag

SolarWinds Patches Third Bypass for Web Help Desk Bug

🔒SolarWinds has issued a third patch for a critical Java deserialization vulnerability in its Web Help Desk product. The vendor describes the new advisory as a patch bypass of CVE-2024-28988, which itself bypassed CVE-2024-28986, and has designated the latest issue CVE-2025-26399. The underlying unsafe Java deserialization flaw in the AjaxProxy component can permit unauthenticated remote code execution and is rated 9.8/10 on the CVSS scale.

SolarWinds issues third patch for Web Help Desk RCE

🔒 SolarWinds has released a hotfix addressing a critical unauthenticated remote code execution vulnerability in Web Help Desk tracked as CVE-2025-26399. The flaw affects WHD 12.8.7 and is caused by unsafe deserialization in the AjaxProxy component, described as a patch bypass of earlier CVE-2024-28986/28988 fixes. Administrators should obtain the hotfix from the SolarWinds Customer Portal and follow the vendor’s JAR replacement steps promptly.

SolarWinds Issues Hotfix for Critical Web Help Desk RCE

🔧 SolarWinds has released a hotfix to address a critical deserialization vulnerability in Web Help Desk that affects versions up to 12.8.7, tracked as CVE-2025-26399 (CVSS 9.8). The unauthenticated AjaxProxy flaw can enable remote command execution on vulnerable hosts if exploited. An anonymous researcher working with the Trend Micro Zero Day Initiative reported the issue. SolarWinds recommends immediate upgrade to 12.8.7 HF1 to mitigate risk.