top of page
perceptive_background_267k.jpg

SolarWinds Web Help Desk contain a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machineā€¦

Published:

9 maart 2026 om 00:00:00

Alert date:

9 maart 2026 om 21:02:12

Source:

cisa.gov

Click to open the original link from this advisory

Enterprise Applications

SolarWinds Web Help Desk contains a critical deserialization of untrusted data vulnerability in the AjaxProxy component (CVE-2025-26399). This vulnerability could allow an attacker to execute arbitrary commands on the host machine. The issue affects the Web Help Desk application and has been addressed in version 12.8.7 hotfix-1. Given SolarWinds' history as a high-profile target and the remote code execution potential, this vulnerability poses significant risk to organizations using the affected software. Organizations should prioritize patching to the latest version to mitigate potential exploitation.

Technical details

Mitigation steps:

Affected products:

SolarWinds Web Help Desk

Related links:

https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm
https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399
https://nvd.nist.gov/vuln/detail/CVE-2025-26399

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page