SolarWinds has fixed yet another unauthenticated remote code execution vulnerability (CVE-2025-26399) in Web Help Desk (WHD), its popular web-based IT ticketing and asset management solution. While the vulnerability is currently not being leveraged by attackers, they might soon reverse-engineer the hotfix and create a working exploit. As watchTowr researchers noted, “given SolarWinds’ past, in-the-wild exploitation is highly likely.” About CVE-2025-26399 “[CVE-2025-26399] exists within the AjaxProxy class. The issue results from the lack of proper validation … More

The post SolarWinds fixes critical Web Help Desk RCE vulnerability (CVE-2025-26399) appeared first on Help Net Security.