Exposures › CVE-2025-26399
SolarWinds Web Help Desk allows remote command execution via untrusted data deserialization in AjaxProxy.
This vulnerability enables attackers to execute arbitrary commands on compromised systems, posing a severe risk to DIB organizations relying on SolarWinds infrastructure. Immediate patching and network segmentation are critical to prevent unauthorized access and potential data exfiltration.
Shame score — A critical RCE vulnerability in a widely deployed product that is actively exploited in the wild, indicating a failure to patch or secure the supply chain.
SolarWinds Web Help Desk contain a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine.
No correlated FedRAMP products.