SolarWinds Web Help Desk vulnerability allowing remote command execution

SolarWinds has disclosed a critical vulnerability in its Web Help Desk software that could allow attackers to execute unauthorized commands on affected servers. The flaw, tracked as CVE-2025-26399, stems from a deserialization of untrusted data (CWE-502) issue in the AjaxProxy component. By sending specially crafted malicious data, attackers can trick the application into executing arbitrary commands in system memory, potentially giving them full control of the server.


Due to its severity and confirmed exploitation in the wild, the vulnerability has been added to the Known Exploited Vulnerabilities (KEV) catalog by the Cybersecurity and Infrastructure Security Agency (CISA). Once exploited, attackers could steal sensitive data, manipulate user accounts, or move deeper into the internal network. Although it is not yet confirmed whether ransomware groups are using this flaw, organizations running exposed Web Help Desk instances face a high risk of compromise.


CISA has urged immediate action, requiring U.S. federal agencies to remediate the issue by March 12, 2026 under Binding Operational Directive 22-01. Security experts recommend applying the latest SolarWinds patches as soon as possible, monitoring systems for unusual command activity, and disconnecting vulnerable systems from the network if patches cannot be applied.

 

