SolarWinds Platform Server-Side Request Forgery Vulnerability

(CVE-2024-52606)

Summary

SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request.

Affected Products

SolarWinds Platform 2024.4.1 and previous versions

Fixed Software Release

SolarWinds Platform 2025.1

Acknowledgments

Anonymous working with Trend Micro Zero Day Initiative

Advisory Details

Severity

3.5 Low

Advisory ID

CVE-2024-52606

First Published

02/11/2025

Fixed Version

SolarWinds Platform 2025.1

CVSS Score

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N