SolarWinds DameWare Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability

(CVE-2025-26396)

Summary

The SolarWinds DameWare Mini Remote Control was determined to be affected by an incorrect permissions local privilege escalation vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability.

Affected Products

SolarWinds DameWare Mini Remote Control 12.3.1.20 and previous versions

Fixed Software Release

SolarWinds DameWare Mini Remote Control

Acknowledgments

Alexander Pudwill working with Trend Micro Zero Day Initiative

Advisory Details

Severity

7.8

Advisory ID

CVE-2025-26396

First Published

06/02/2025

Last Published

06/02/2025

Fixed Version

Dameware Mini Remote Control 12.3.2

CVSS Score

CVSS:3.1/ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H