SolarWinds Observability Self-Hosted SQL Injection Vulnerability

(CVE-2025-26392)

Summary

SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account.

Affected Products

SolarWinds Observability Self-Hosted 2025.2.1 and prior versions

Fixed Software Release

SolarWinds Observability Self-Hosted 2025.4

Acknowledgments

The KPN REDteam

Advisory Detail

Severity

5.4 Medium

Advisory ID

CVE-2025-26392

First Published

10/21/2025

Fixed Version

SolarWinds Observability Self-Hosted 2025.4

CVSS Score

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N