Ethical Hacking News
SolarWinds has addressed a critical RCE flaw in its Web Help Desk software that could allow attackers to execute arbitrary commands on vulnerable systems. Organizations using the software are advised to install hot fixes as soon as possible to mitigate the risk of exploitation.
This article summarizes what is known about the flaw, why a deserialization bug of this kind is so dangerous, and what organizations running the software should do about it.
The flaw is tracked as CVE-2025-26399 and carries a CVSS score of 9.8, in the critical range. A score that high is consistent with a vulnerability reachable over the network, requiring neither authentication nor user interaction, whose exploitation gives full control over the confidentiality, integrity and availability of the host.
According to SolarWinds' advisory, Web Help Desk is susceptible to an unauthenticated deserialization vulnerability in its AjaxProxy component. Because the component reconstructs objects from data it receives, an attacker who can reach it can supply a crafted serialized payload and run commands on the host machine, with no credentials required.
The vulnerability affects SolarWinds Web Help Desk 12.8.7 and all previous versions. It was reported by an anonymous researcher working with the Trend Micro Zero Day Initiative, and SolarWinds has released hot fixes to address it. Notably, CVE-2025-26399 is a patch bypass of CVE-2024-28988, which was itself a patch bypass of CVE-2024-28986: the same deserialization weakness has now needed three fixes. A deployment that already has the fixes for the two earlier CVEs is therefore still vulnerable until the new hot fix is applied.
The underlying weakness is Deserialization of Untrusted Data (CWE-502): the application reconstructs objects from data received from an untrusted source without verifying its integrity or validity. A serialized stream names the classes to instantiate and the values to set, so an attacker can craft an object graph that, when rebuilt, chains existing application code (so-called gadgets) into arbitrary code execution, access to sensitive data, privilege escalation, or manipulation of system processes. The durable defenses are to avoid deserializing client-controlled data in native object formats at all or, failing that, to authenticate the data before parsing it and to restrict deserialization to an explicit allowlist of classes; filtering individual known-bad gadgets is the approach that is most often bypassed.
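The following is an added illustration, not SolarWinds or Web Help Desk code, of the bug class described above and of the two defenses mentioned. Python's pickle stands in for whatever native object-serialization format the affected component uses; the `Ticket` class, the `gadget` function (a harmless stand-in for `os.system`), the `Exploit` payload, the sample ticket and the demo key are all constructed for the example. The vulnerable loader runs whatever callable the client's stream names; the hardened loader rejects any class outside an allowlist, and the signed variant refuses to parse a blob the server did not produce.

```python
"""Deserialization of untrusted data: vulnerable loader vs. two hardened ones.

Added illustration; not SolarWinds code. pickle stands in for any native
object-serialization format: the bug is the same whenever a server rebuilds
objects from bytes a client controls.
"""
import hashlib
import hmac
import io
import pickle


class Ticket:
    """Constructed sample of a benign object the service legitimately exchanges."""

    def __init__(self, ticket_id, summary):
        self.ticket_id = ticket_id
        self.summary = summary


# Records commands the gadget "ran" so the demo is observable and harmless.
EXECUTED = []


def gadget(cmd):
    """Stand-in for os.system: records the command instead of executing it."""
    EXECUTED.append(cmd)
    return 0


class Exploit:
    """Attacker-crafted object. __reduce__ tells the unpickler which callable to
    invoke, and with which arguments, while rebuilding the object, so the
    serialized payload carries its own code-execution primitive."""

    def __init__(self, cmd):
        self.cmd = cmd

    def __reduce__(self):
        return (gadget, (self.cmd,))


def craft_payload(cmd):
    """What an unauthenticated client would send to the vulnerable endpoint."""
    return pickle.dumps(Exploit(cmd))


def vulnerable_load(blob):
    """VULNERABLE: rebuilds whatever the client sent; any callable named in
    the stream runs with the server's privileges."""
    return pickle.loads(blob)


# Hardening 1: allowlist the classes a stream may reference. ------------------
ALLOWED_GLOBALS = {(Ticket.__module__, "Ticket")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def hardened_load(blob):
    """Rejects any stream referencing a class or function outside the
    allowlist, which a gadget-based payload necessarily must do."""
    return RestrictedUnpickler(io.BytesIO(blob)).load()


# Hardening 2: authenticate the blob before it ever reaches the parser. -------
def sign(blob, key):
    """Server-side HMAC tag prepended to the blob; only the server holds key."""
    return hmac.new(key, blob, hashlib.sha256).digest() + blob


def verify_and_load(signed, key):
    """Integrity check first, then the restricted loader as defence in depth."""
    tag, blob = signed[:32], signed[32:]
    if not hmac.compare_digest(tag, hmac.new(key, blob, hashlib.sha256).digest()):
        raise ValueError("bad signature: blob rejected before deserialization")
    return hardened_load(blob)


def demo():
    """Runs the loaders against a benign ticket and an attacker payload."""
    key = b"constructed-demo-key"  # assumption: a real key lives in a secrets store
    benign = pickle.dumps(Ticket(42, "printer on fire"))
    evil = craft_payload("id > /tmp/pwned")
    out = {}
    EXECUTED.clear()
    vulnerable_load(evil)
    out["vulnerable_ran"] = list(EXECUTED)  # the gadget fired
    EXECUTED.clear()
    try:
        hardened_load(evil)
        out["allowlist_blocked"] = False
    except pickle.UnpicklingError:
        out["allowlist_blocked"] = True
    out["hardened_ran"] = list(EXECUTED)  # nothing fired
    out["benign_summary"] = hardened_load(benign).summary
    out["signed_ok"] = verify_and_load(sign(benign, key), key).ticket_id
    tampered = sign(benign, key)[:32] + evil  # valid tag, swapped body
    try:
        verify_and_load(tampered, key)
        out["tamper_blocked"] = False
    except ValueError:
        out["tamper_blocked"] = True
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the two hardened loaders is ordering: the allowlist stops the payload at the moment the stream names a global outside the permitted set, before any constructor runs, and the signature check stops it one step earlier still, before the parser sees attacker bytes at all. A blocklist of known gadgets would pass both the benign ticket and any gadget it did not list, which is the pattern that leads to repeated patch bypasses.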
At the time of writing there is no evidence that the vulnerability is being exploited in the wild. That should not delay patching: the entry point is unauthenticated, deserialization RCEs are attractive targets, and the previous two fixes for this weakness were both bypassed. Organizations running SolarWinds Web Help Desk should install the hot fixes immediately and, until they have, limit network access to the instance to trusted networks.
In conclusion, the repeated bypasses of this SolarWinds Web Help Desk fix show both why organizations need to keep up with vendor patches and why a patch for a deserialization flaw should be verified rather than assumed to close the whole class of bug. Applying the hot fix promptly, and confirming the installed version afterwards, is the measure that actually reduces risk here.
Related Information:
https://www.ethicalhackingnews.com/articles/SolarWinds-Web-Help-Desk-Vulnerability-A-Critical-RCE-Flaw-Exploited-by-Threat-Actors-ehn.shtml
https://securityaffairs.com/182545/security/solarwinds-fixed-a-critical-rce-flaw-in-its-web-help-desk-software.html
https://nvd.nist.gov/vuln/detail/CVE-2024-28988
https://www.cvedetails.com/cve/CVE-2024-28988/
https://nvd.nist.gov/vuln/detail/CVE-2024-28986
https://www.cvedetails.com/cve/CVE-2024-28986/
https://nvd.nist.gov/vuln/detail/CVE-2025-26399
https://www.cvedetails.com/cve/CVE-2025-26399/
Published: Wed Sep 24 09:01:20 2025 by llama3.2 3B Q4_K_M