What is the CVSS score of CVE-2025-26399?

CVE-2025-26399 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 28.2%.

Which versions of Web Help Desk are affected by CVE-2025-26399?

Organizations using SolarWinds Web Help Desk face critical risk from CVE-2025-26399, a insecure deserialization vulnerability rated CVSS 9.8.. A patch is available.

Is CVE-2025-26399 being actively exploited?

Yes, CVE-2025-26399 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, confirming active in-the-wild exploitation. Immediate patching is required.

How to fix or mitigate CVE-2025-26399?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Restrict deserialization to trusted data sources and implement integrity checks.

Web Help Desk CVE-2025-26399

CRITICAL

Deserialization of Untrusted Data (CWE-502)

2025-09-23 psirt@solarwinds.com

RCE Deserialization Web Help Desk

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:13 vuln.today

Patch released

Mar 28, 2026 - 19:13 nvd

Patch available

Added to CISA KEV

Mar 10, 2026 - 13:11 cisa

CISA KEV

CVE Published

Sep 23, 2025 - 05:15 nvd

CRITICAL 9.8

DescriptionNVD

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

AnalysisAI

SolarWinds Web Help Desk contains an unauthenticated deserialization RCE via AjaxProxy, a patch bypass of both CVE-2024-28988 and CVE-2024-28986, the third iteration of this vulnerability.

Technical ContextAI

The CWE-502 deserialization in AjaxProxy processes untrusted data without proper class filtering. This is a double patch bypass, indicating the remediation approach was fundamentally insufficient.

RemediationAI

Apply the latest SolarWinds patches. Consider the pattern of repeated bypasses when evaluating continued use of the product.

CVE-2025-26399 vulnerability details – vuln.today

Back

Web Help Desk CVE-2025-26399

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code