How to fix CVE-2025-26395?

Within 24 hours: Inventory all SolarWinds Observability Self-Hosted instances and verify current versions. Within 7 days: Apply the available vendor patch to all affected systems, prioritizing production environments. Within 30 days: Complete patch deployment across all instances and conduct post-patch validation testing.

Is Observability Self Hosted affected by CVE-2025-26395?

SolarWinds Observability Self-Hosted deployments face a cross-site scripting vulnerability that could allow authenticated administrators to execute malicious scripts.

CVE-2025-26395

EUVD-2025-17686 HIGH

2025-06-10 [email protected]

XSS Authentication Bypass Observability Self Hosted

7.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 19:49 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 19:49 euvd

EUVD-2025-17686

Patch Released

Mar 14, 2026 - 19:49 nvd

Patch available

CVE Published

Jun 10, 2025 - 15:15 nvd

HIGH 7.1

DescriptionNVD

SolarWinds Observability Self-Hosted

was susceptible to a cross-site scripting (XSS) vulnerability due to an unsanitized field in the URL. The attack requires authentication using an administrator-level account and user interaction is required.

AnalysisAI

Stored/reflected cross-site scripting (XSS) vulnerability in SolarWinds Observability Self-Hosted caused by insufficient input sanitization in URL parameters. The vulnerability affects authenticated administrators and requires user interaction to exploit, allowing attackers with admin credentials to inject malicious scripts that execute in victim browsers with network-scoped impact (C:H, I:L, A:L). There is no indication of active exploitation in the wild (KEV status unknown) or public proof-of-concept availability based on available data.

Technical ContextAI

The vulnerability stems from CWE-79 (Improper Neutralization of Input During Web Page Generation), a classic web application flaw where user-supplied input from URL parameters is not properly sanitized before being reflected or stored in HTML output. SolarWinds Observability Self-Hosted, a monitoring and observability platform, fails to encode or validate URL-based input fields before rendering them in responses. This allows attackers to inject arbitrary JavaScript that executes in the context of authenticated admin sessions. The vulnerability requires admin-level privileges (PR:H) and user interaction (UI:R), suggesting the attack vector is adjacent network (AV:A), likely requiring the attacker to be on the same network segment or through a socially-engineered link shared with an administrator.

RemediationAI

Immediate actions: (1) Apply security patch from SolarWinds when available—check https://www.solarwinds.com/trust-center for advisories and patches; (2) Restrict admin interface access to trusted networks via firewall rules or VPN; (3) Implement Web Application Firewall (WAF) rules to sanitize URL parameters and block common XSS payloads; (4) Enforce Content Security Policy (CSP) headers to mitigate XSS impact even if injection succeeds; (5) Monitor admin account activity and browser sessions for unusual access patterns; (6) If patch is unavailable, implement input validation/encoding at the application level for all URL parameters. Workaround: disable or restrict access to affected URL-based features until patched.

CVE-2025-26395 vulnerability details – vuln.today

Back