SolarWinds has launched a hotfix for a vital a vital vulnerability in Net Assist Desk that enables distant code execution (RCE) with out authentication.
Tracked as CVE-2025-26399, the safety challenge is the corporate’s third try to deal with an older flaw recognized as CVE-2024-28986 that impacted Net Assist Desk (WHD) 12.8.3 and all earlier variations.
SolarWinds WHD is a assist desk and ticketing suite utilized by medium-to-large organizations for IT help request monitoring, workflow automation, asset administration, and compliance assurance.
CVE-2025-26399 impacts the most recent WHD model 12.8.7 and is attributable to unsafe deserialization dealing with within the AjaxProxy element. Profitable exploitation permits an unauthenticated attacker to run instructions on the host machine.
In a safety bulletin, the seller says that “this vulnerability is a patch bypass of CVE-2024-28988, which in flip is a patch bypass of CVE-2024-28986.”
Final August, the U.S. Cybersecurity and Infrastructure Safety Company (CISA) marked the unique SolarWinds flaw as being leveraged in assaults and added it to the Recognized Exploited Vulnerabilities (KEV) catalog.
The brand new safety drawback was reported to SolarWinds by means of the Pattern Micro Zero Day Initiative (ZDI). On the time of writing there aren’t any public studies about menace actors exploiting it.
Hotfix out there
SolarWinds has launched a hotfix that addresses CVE-2025-26399, which requires putting in Net Assist Desk model 12.8.7. To use the safety replace, customers are suggested to observe these steps:
- Cease Net Assist Desk
- Navigate to:
/bin/webapps/helpdesk/WEB-INF/lib/ (substitute relying on OS) - Again up after which delete: c3p0.jar
- Again up (to a separate listing): whd-core.jar, whd-web.jar, whd-persistence.jar
- Copy the hotfix-supplied JARs into the identical /lib listing, overwriting the originals: whd-core.jar, whd-web.jar, whd-persistence.jar, plus add HikariCP.jar
- Restart Net Assist Desk
The hotfix is solely out there by means of the SolarWinds Buyer Portal. Extra data on how one can improve WHD is out there right here.
46% of environments had passwords cracked, practically doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and knowledge exfiltration tendencies.
