Vulnerability detail

Enriched intelligence for a single CVE

PRO Back to KEVs

9.8

CVSS
Critical

CVE-2025-26399

PUBLISHED

SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability

1 day faster than CISA KEV

Exploited in the wild Remote Low complexity No user interaction

Vendor: SolarWinds
Product: Web Help Desk
Published: Sep 23, 2025
EPSS: 30.5% · 97% pctl

Automate this intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

cisa

Weaknesses (CWE)

CWE-502

Deserialization of Untrusted Data

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2026-06-01 12:09:49 UTC · CVE

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CVE First	2026-06-01 12:09 UTC
CISA	2026-06-02 14:02 UTC

Timeline

CVE ID Reserved

2025-02-08 00:19 UTC
CVE Published to Public

2025-09-23 05:07 UTC
Added to KEVIntel

2026-06-01 12:09 UTC
KEV confirmed by CISA

2026-06-02 14:02 UTC