SolarWinds Web Help Desk XML External Entity Injection (XXE) Vulnerability (CVE-2025-26400)

Summary

SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files.

Affected Products

SolarWinds Web Help Desk 12.8.6 and all previous versions

Fixed Software Release

SolarWinds Web Help Desk 12.8.7

Acknowledgments

DieuLink, Nhiephon and chung96vn from GCSC Vietnam

Advisory Detail
Severity
Medium
Advisory ID

CVE-2025-26400

First Published
07/29/2025
Fixed Version

SolarWinds Web Help Desk 12.8.7

CVSS Score

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Download PDF
Send an Email