- 131/2025
- High
SolarWinds has released security updates to address several vulnerabilities affecting multiple SolarWinds products.
The addressed vulnerabilities could allow the attacker to obtain sensitive information, conduct cross-site scripting attacks, or gain elevated privileges to the affected product.
1. SolarWinds DameWare Mini Remote Control Service Incorrect Permissions Privilege Escalation Vulnerability (CVE-2025-26396):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privilege
2. SolarWinds SWOSH DOM-based Reflective XSS Vulnerability (CVE-2025- 26395):
- CVSS: 7.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Consequences: Cross-Site Scripting
Sample of the affected products:
- SolarWinds SWOSH.
- SolarWinds DameWare Mini Remote Control Service.
- SolarWinds Serv-U.
- SolarWinds Platform.
Vulnerabilities
- CVE-2024-28989
- CVE-2024-45718
- CVE-2024-52611
- CVE-2024-52606
- CVE-2024-52612
- CVE-2024-45712
- CVE-2025-26396
- CVE-2025-26395
- CVE-2025-26394
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.