SolarWinds SWOSH Open Redirection Vulnerability (CVE-2025-26394)

Summary

SolarWinds SWOSH is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.

Affected Products

  • SolarWinds SWOSH 2025.1.1 and prior versions


Fixed Software Release


Acknowledgments

  • Shahzin Sajid, Al Sabah Salim, and Shabeer Ali from the QatarEnergyLNG SOC team

Advisory Details

Severity

4.8 Medium

Advisory ID

First Published

06/10/2025

Fixed Version