- 208/2025
- Critical
SolarWinds has released security updates to address multiple vulnerabilities affecting SolarWinds Web Help Desk 12.8.7 and all previous versions, and SolarWinds Database Performance Analyzer 2025.2 and previous versions.
The addressed vulnerabilities could allow the attacker to run commands on the host machine and gain unauthorized access to the affected product, or enable a man-in-the-middle (MITM) attack against users.
Sample of the addressed vulnerabilities:
SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2025-26399):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Vulnerabilities
- CVE-2025-26399
- CVE-2025-26398
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.