SolarWinds Web Help Desk Vulnerability Enables Privilege Escalation

A critical vulnerability in SolarWinds Web Help Desk (WHD) could allow attackers to escalate privileges and execute arbitrary code on affected systems.

SolarWinds has released Web Help Desk 12.8.7 Hotfix 1 to address CVE-2025-26399, a deserialization flaw in the AjaxProxy component.

Administrators are urged to install the hotfix immediately to prevent exploitation and protect management consoles from unauthorized access.

Vulnerability Details and Impact

The flaw resides in the AjaxProxy deserialization mechanism and affects unpatched WHD installations running version 12.8.7.

An unauthenticated attacker can send specially crafted requests that bypass existing patches and trigger remote code execution on the server hosting the Web Help Desk application.

| CVE ID | Vulnerability Title | Severity |
|---|---|---|
| CVE-2025-26399 | AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability | 9.8 (Critical) |

Successful exploitation grants attackers the same privileges as the WHD service account, which can include full administrative control over ticketing data, user credentials, and system configuration.

Because this vulnerability is a patch bypass of earlier flaws (CVE-2024-28988 and CVE-2024-28986), environments that applied those fixes remain at risk until Hotfix 1 is installed.

Exploitation could lead to data theft, infrastructure disruption, and lateral movement within enterprise networks.

SolarWinds released Web Help Desk 12.8.7 Hotfix 1 on September 23, 2025. The update replaces vulnerable JAR files in the <WebHelpDesk>/bin/webapps/helpdesk/WEB-INF/lib/ directory and adds a new HikariCP.jar component.

Administrators must back up existing c3p0.jar, whd-core.jar, whd-web.jar, and whd-persistence.jar files, delete the outdated versions, and copy the provided JARs from the hotfix package.

After replacing the files, restart the Web Help Desk service to apply the patch.

Customers who installed the original 12.8.7 release must download and apply Hotfix 1 to fully remediate CVE-2025-26399.
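To confirm the JAR replacement described above was completed, the following added example (not SolarWinds code) compares each installed JAR against the copy shipped in the hotfix package by SHA-256. It assumes the hotfix package has been extracted to a flat folder of JARs, and the function names and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# JAR names the article says to back up and delete before copying the new ones.
NAMED_JARS = ["c3p0.jar", "whd-core.jar", "whd-web.jar", "whd-persistence.jar"]


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def check_hotfix(lib_dir: Path, hotfix_dir: Path) -> dict:
    """Compare installed JARs with the ones shipped in the hotfix package."""
    shipped = {p.name: p for p in hotfix_dir.glob("*.jar")}
    status = {}
    for name, src in shipped.items():
        installed = lib_dir / name
        if not installed.is_file():
            status[name] = "missing"      # never copied into WEB-INF/lib
        elif sha256(installed) != sha256(src):
            status[name] = "mismatch"     # old version still in place
        else:
            status[name] = "ok"
    # Assumption: a named JAR with no replacement in the package should be gone.
    for name in NAMED_JARS:
        if name not in shipped and (lib_dir / name).exists():
            status[name] = "stale"
    return status


def demo() -> dict:
    """Constructed sample: a half-applied hotfix in temporary directories."""
    with tempfile.TemporaryDirectory() as tmp:
        lib, pkg = Path(tmp, "lib"), Path(tmp, "hotfix")
        lib.mkdir()
        pkg.mkdir()
        for name in ["whd-core.jar", "whd-web.jar", "whd-persistence.jar", "HikariCP.jar"]:
            (pkg / name).write_bytes(b"new " + name.encode())
        (lib / "whd-core.jar").write_bytes(b"new whd-core.jar")        # replaced
        (lib / "whd-web.jar").write_bytes(b"old whd-web.jar")          # forgotten
        (lib / "whd-persistence.jar").write_bytes(b"new whd-persistence.jar")
        (lib / "c3p0.jar").write_bytes(b"old c3p0.jar")                # not deleted
        return check_hotfix(lib, pkg)


if __name__ == "__main__":
    for jar, state in sorted(demo().items()):
        print(f"{jar}: {state}")
```

On a real server, call check_hotfix with the <WebHelpDesk>/bin/webapps/helpdesk/WEB-INF/lib/ directory and the extracted hotfix folder; any status other than "ok" means the replacement is incomplete.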

Detailed installation instructions and additional upgrade guidance are available in the SolarWinds documentation.

SolarWinds thanks the researchers who responsibly disclosed this issue and collaborated on a timely fix.

Administrators should treat this vulnerability as a top priority due to its high severity score and potential impact on business operations.

Regular monitoring of SolarWinds security advisories and prompt application of hotfixes will help maintain the security and integrity of Web Help Desk deployments.
