All news with #solarwinds tag
Fri, November 21, 2025
SEC Drops Lawsuit Against SolarWinds After Years-long Probe
📰 The U.S. Securities and Exchange Commission has voluntarily dismissed its lawsuit against SolarWinds and CISO Timothy G. Brown, filing a joint motion to dismiss on November 20, 2025. The October 2023 complaint alleged fraud, internal control failures, and misleading disclosures tied to the late-2020 supply-chain compromise attributed to APT29. Many allegations were rejected by the SDNY in July 2024 as relying on hindsight. SolarWinds' CEO said the company emerges stronger, more secure, and better prepared.
Tue, September 23, 2025
SolarWinds Patches Third Bypass for Web Help Desk Bug
🔒 SolarWinds has issued a third patch for a critical Java deserialization vulnerability in its Web Help Desk product. The vendor describes the new advisory as a patch bypass of CVE-2024-28988, which itself bypassed CVE-2024-28986, and has designated the latest issue CVE-2025-26399. The underlying unsafe Java deserialization flaw in the AjaxProxy component can permit unauthenticated remote code execution and is rated 9.8/10 on the CVSS scale.
Tue, September 23, 2025
SolarWinds issues third patch for Web Help Desk RCE
🔒 SolarWinds has released a hotfix addressing a critical unauthenticated remote code execution vulnerability in Web Help Desk tracked as CVE-2025-26399. The flaw affects WHD 12.8.7 and is caused by unsafe deserialization in the AjaxProxy component, described as a patch bypass of earlier CVE-2024-28986/28988 fixes. Administrators should obtain the hotfix from the SolarWinds Customer Portal and follow the vendor’s JAR replacement steps promptly.
Tue, September 23, 2025
SolarWinds Issues Hotfix for Critical Web Help Desk RCE
🔧 SolarWinds has released a hotfix to address a critical deserialization vulnerability in Web Help Desk that affects versions up to 12.8.7, tracked as CVE-2025-26399 (CVSS 9.8). The unauthenticated AjaxProxy flaw can enable remote command execution on vulnerable hosts if exploited. An anonymous researcher working with the Trend Micro Zero Day Initiative reported the issue. SolarWinds recommends immediate upgrade to 12.8.7 HF1 to mitigate risk.