SolarWinds SWOSH Open Redirection Vulnerability

(CVE-2025-26394)

Summary

SolarWinds SWOSH is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.

Affected Products

SolarWinds SWOSH 2025.1.1 and prior versions

Fixed Software Release

SWOSH 2025.2

Acknowledgments

Shahzin Sajid, Al Sabah Salim, and Shabeer Ali from the QatarEnergyLNG SOC team

Advisory Details

Severity

4.8 Medium

Advisory ID

First Published

06/10/2025

Fixed Version

CVSS Score

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N