SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability

(CVE-2025-26399)

Summary

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

Affected Products

SolarWinds Web Help Desk 12.8.7 and all previous versions

Fixed Software Release

SolarWinds Web Help Desk 12.8.7 HF1

Acknowledgments

Anonymous working with Trend Micro Zero Day Initiative

Advisory Detail

Severity

9.8 Critical

Advisory ID

CVE-2025-26399

First Published

09/17/2025

Fixed Version

SolarWinds Web Help Desk 12.8.7 HF1

CVSS Score

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H