SolarWinds has released a hotfix for a critical vulnerability in Web Help Desk that allows remote code execution (RCE) without authentication.
Tracked as CVE-2025-26399, the security issue is the company's third attempt to address an older flaw identified as CVE-2024-28986 that impacted Web Help Desk (WHD) 12.8.3 and all previous versions.
SolarWinds WHD is a help desk and ticketing suite used by medium-to-large organizations for IT support request tracking, workflow automation, asset management, and compliance assurance.
CVE-2025-26399 affects the latest WHD version 12.8.7 and is caused by unsafe deserialization handling in the AjaxProxy component. Successful exploitation allows an unauthenticated attacker to run commands on the host machine.
In a security bulletin, the vendor says that “this vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.”
Last August, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) marked the original SolarWinds flaw as being leveraged in attacks and added it to the Known Exploited Vulnerabilities (KEV) catalog.
The new security problem was reported to SolarWinds through the Trend Micro Zero Day Initiative (ZDI). At the time of writing there are no public reports about threat actors exploiting it.
Hotfix available
SolarWinds has released a hotfix that addresses CVE-2025-26399, which requires installing Web Help Desk version 12.8.7. To apply the security update, users are advised to follow these steps:
- Stop Web Help Desk
- Navigate to: <WebHelpDesk>/bin/webapps/helpdesk/WEB-INF/lib/ (substitute <WebHelpDesk> depending on OS)
- Back up and then delete: c3p0.jar
- Back up (to a separate directory): whd-core.jar, whd-web.jar, whd-persistence.jar
- Copy the hotfix-supplied JARs into the same /lib directory, overwriting the originals: whd-core.jar, whd-web.jar, whd-persistence.jar, plus add HikariCP.jar
- Restart Web Help Desk
The hotfix is exclusively available through the SolarWinds Customer Portal. More information on how to upgrade WHD is available here.
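The file-swap part of the steps above can be scripted so that nothing is deleted unless the hotfix package is complete. The following is an added example, not SolarWinds' own tooling; the function name, the three directory arguments and the flat layout of the extracted hotfix directory are assumptions, and stopping and restarting Web Help Desk is left to the operator.

```shell
#!/bin/sh
# Added example: back up, delete and replace the JARs named in the hotfix steps.
# Usage: apply_whd_hotfix LIB_DIR HOTFIX_DIR BACKUP_DIR
#   LIB_DIR    = <WebHelpDesk>/bin/webapps/helpdesk/WEB-INF/lib
#   HOTFIX_DIR = directory holding the extracted hotfix JARs (assumed flat layout)
#   BACKUP_DIR = separate directory that receives the original JARs
# Stop Web Help Desk before calling this and restart it afterwards.
apply_whd_hotfix() (
    lib=$1 hotfix=$2 backup=$3
    replaced="whd-core.jar whd-web.jar whd-persistence.jar"

    [ -d "$lib" ] || { echo "lib directory not found: $lib" >&2; exit 1; }
    # The steps call for a separate backup directory; refuse LIB_DIR itself.
    [ "$(cd "$lib" && pwd -P)" != "$(mkdir -p "$backup" && cd "$backup" && pwd -P)" ] ||
        { echo "backup directory must differ from lib directory" >&2; exit 1; }

    # Validate the whole hotfix package first, so an incomplete download never
    # leaves the install with c3p0.jar removed and no replacement in place.
    for jar in $replaced HikariCP.jar; do
        [ -s "$hotfix/$jar" ] || { echo "hotfix is missing $jar" >&2; exit 1; }
    done

    # Back up the originals, then delete c3p0.jar.
    for jar in c3p0.jar $replaced; do
        if [ -f "$lib/$jar" ]; then
            cp -p "$lib/$jar" "$backup/$jar" || exit 1
        fi
    done
    rm -f "$lib/c3p0.jar"

    # Overwrite the three WHD JARs and add HikariCP.jar, verifying each copy.
    for jar in $replaced HikariCP.jar; do
        cp "$hotfix/$jar" "$lib/$jar" || exit 1
        cmp -s "$hotfix/$jar" "$lib/$jar" ||
            { echo "copy verification failed for $jar" >&2; exit 1; }
    done
    echo "hotfix JARs installed in $lib; originals saved in $backup"
)

# When the script is run with three arguments, apply the hotfix directly.
if [ "$#" -eq 3 ]; then apply_whd_hotfix "$@"; fi
```

Keep the backup directory until the restarted service has been checked, since restoring it (including c3p0.jar) is the rollback path.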




