Tech News

SolarWinds releases third patch to fix Web Help Desk RCE bug

By admin 3 Min Read

SolarWinds has released a hotfix for a critical a critical vulnerability in Web Help Desk that allows remote code execution (RCE) without authentication.

Tracked as CVE-2025-26399, the security issue is the company’s third attempt to address an older flaw identified as CVE-2024-28986 that impacted Web Help Desk (WHD) 12.8.3 and all previous versions.

SolarWinds WHD is a help desk and ticketing suite used by medium-to-large organizations for IT support request tracking, workflow automation, asset management, and compliance assurance.

CVE-2025-26399 affects the latest WHD version 12.8.7 and is caused by unsafe deserialization handling in the AjaxProxy component. Successful exploitation allows an unauthenticated attacker to run commands on the host machine.

In a security bulletin, the vendor says that “this vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.”

Last August, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) marked the original SolarWinds flaw as being leveraged in attacks and added it to the Known Exploited Vulnerabilities (KEV) catalog.

The new security problem was reported to SolarWinds through the Trend Micro Zero Day Initiative (ZDI). At the time of writing there are no public reports about threat actors exploiting it.

Hotfix available

SolarWinds has released a hotfix that addresses CVE-2025-26399, which requires installing Web Help Desk version 12.8.7. To apply the security update, users are advised to follow these steps:

  1. Stop Web Help Desk
  2. Navigate to: /bin/webapps/helpdesk/WEB-INF/lib/ (substitute depending on OS)
  3. Back up and then delete: c3p0.jar
  4. Back up (to a separate directory): whd-core.jar, whd-web.jar, whd-persistence.jar
  5. Copy the hotfix-supplied JARs into the same /lib directory, overwriting the originals: whd-core.jar, whd-web.jar, whd-persistence.jar, plus add HikariCP.jar
  6. Restart Web Help Desk

The hotfix is exclusively available through the SolarWinds Customer Portal. More information on how to upgrade WHD is available here.

Picus Blue Report 2025

46% of environments had passwords cracked, nearly doubling from 25% last year.

Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.

You Might Also Like

Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack

Girls in Single-Sex Schools Face Major STEM Access Gap

The ‘Surge’ of Troops May Not Come to San Francisco, but the City Is Ready Anyway

Dublin aquatech PT Aqua named BIM Business of the Year 2025

The Truth About the Meta Display Glasses

TAGGED: , , , ,
Share This Article
Previous Article SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw
Next Article 8 Best Vegan Meal Delivery Services and Kits (2025), Tested, Tasted, and Reviewed
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

- Advertisement -

Latest News

Fallout 76: Burning Springs Update is Out on December 2, PS5, Xbox Series X/S Versions Set For 2026
Gaming News
Paytm and Vedanta emerge as top buys amid sectoral rotation and profit booking: CA Rudramurthy BV
Business
Bitcoin’s institutional surge widens trillion-dollar gap with altcoins
Crypto
Best Presales Live News Today: Latest Updates on Early Crypto Projects with 10x Potential (October 24)
Crypto
Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack
Tech News
Girls in Single-Sex Schools Face Major STEM Access Gap
Tech News
European lawmakers call for end to EU support for all Libyan security forces
World News
Lost your password?