SolarWinds DameWare Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability (CVE-2025-26396)

Summary

The SolarWinds DameWare Mini Remote Control was determined to be affected by an incorrect permissions local privilege escalation vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability.

Affected Products

SolarWinds DameWare Mini Remote Control 12.3.1.20 and previous versions

Fixed Software Release

SolarWinds DameWare Mini Remote Control

Acknowledgments

Alexander Pudwill working with Trend Micro Zero Day Initiative

Advisory Details
Severity
7.8
Advisory ID

CVE-2025-26396

First Published
06/02/2025
Last Published
06/02/2025
Fixed Version

Dameware Mini Remote Control 12.3.2

CVSS Score

CVSS:3.1/ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Download PDF
Send an Email