SolarWinds SWOSH Open Redirection Vulnerability (CVE-2025-26394)
Summary
SolarWinds SWOSH is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.
Affected Products
- SolarWinds SWOSH 2025.1.1 and prior versions
Fixed Software Release
Acknowledgments
- Shahzin Sajid, Al Sabah Salim, and Shabeer Ali from the QatarEnergyLNG SOC team
Advisory Details
Severity
4.8 Medium
Advisory ID
First Published
06/10/2025