SolarWinds Service Desk Broken Access Control Vulnerability

(CVE-2025-26393)

Summary

SolarWinds Service Desk is affected by a vulnerability where unauthorized authenticated requesters can override ticket states, potentially redirecting ticket flows and changing process behavior.

Affected Products

SolarWinds Service Desk

Fixed Software Release

SolarWinds Service Desk

Acknowledgments

Seif Abdelwahid

Advisory Details

Severity

5.4 Medium

Advisory ID

CVE-2025-26393

Fixed Version

SolarWinds Service Desk

CVSS Score

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C/MAV:N/MAC:L/MPR:L/MUI:N/MS:U/MC:N/MI:L/MA:N