SolarWinds warns over dangerous RCE flaw


SolarWinds is urging customers of its Web Help Desk helpdesk ticketing and asset management software to make sure their instances are up to date after patching a newly-discovered remote code execution (RCE) flaw.

Tracked as CVE-2025-26399, the bug bypasses a fix for a previous flaw, CVE-2024-28988, which was discovered and disclosed by Guy Lederfein of Trend Micro Security Research a year ago, in September 2024. However, in a twist reminiscent of the nursery rhyme about the old woman who swallowed a spider to catch a fly, CVE-2024-28988 itself bypassed a fix for a third issue, CVE-2024-28986.

Like the preceding vulnerabilities, the latest issue once again takes the form of an unauthenticated AjaxProxy deserialisation RCE vulnerability that allows a threat actor to run commands on the host machine, should they succeed in exploiting it.
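To show why an unauthenticated deserialisation endpoint is treated as a remote code execution primitive, and what the usual mitigation looks like, here is an added illustration that is not SolarWinds code and does not reflect how Web Help Desk or AjaxProxy is implemented. It uses Python's pickle as a stand-in for the vulnerability class: the "before" function trusts whatever the client sent, so an object that a client chose to send can run a callable during loading (here a benign marker function, constructed for the demo); the "after" function only reconstructs types on an allowlist and refuses everything else. The `Ticket` class, the `_marker` function and the `_Hostile` payload are all constructed for this example.

```python
"""Added example: untrusted deserialisation as an RCE primitive, and the
allowlist mitigation. Illustrative only; not the vendor's code."""
import io
import pickle

# Constructed marker: records that a callable ran while data was being loaded.
SIDE_EFFECTS: list = []


def _marker(tag: str) -> str:
    """Benign stand-in for whatever callable a hostile sender would choose."""
    SIDE_EFFECTS.append(tag)
    return tag


class Ticket:
    """The legitimate object type the service expects from clients (constructed)."""

    def __init__(self, title: str) -> None:
        self.title = title


class _Hostile:
    """Object whose reduction makes the unpickler call _marker on load (constructed)."""

    def __reduce__(self):
        return (_marker, ("ran-during-load",))


def deserialise_unsafe(blob: bytes):
    """'Before': reconstruct any object the sender encoded. Any callable the
    payload references is invoked by the loader before the caller sees anything."""
    return pickle.loads(blob)


class _AllowlistUnpickler(pickle.Unpickler):
    """'After': resolve only the classes the service actually expects."""

    ALLOWED = {(Ticket.__module__, "Ticket")}

    def find_class(self, module: str, name: str):
        if (module, name) in self.ALLOWED:
            return Ticket
        # Reject every other reference, so no function or class is ever resolved.
        raise pickle.UnpicklingError(f"refused to resolve {module}.{name}")


def deserialise_safe(blob: bytes):
    return _AllowlistUnpickler(io.BytesIO(blob)).load()


def demo() -> dict:
    """Run both loaders over a benign ticket and the hostile payload."""
    SIDE_EFFECTS.clear()
    hostile = pickle.dumps(_Hostile())
    benign = pickle.dumps(Ticket("printer down"))

    # Unsafe loader: the marker runs as a side effect of merely loading the blob.
    deserialise_unsafe(hostile)
    unsafe_executed = "ran-during-load" in SIDE_EFFECTS

    # Safe loader: the reference to _marker is refused before anything runs.
    SIDE_EFFECTS.clear()
    try:
        deserialise_safe(hostile)
        safe_blocked = False
    except pickle.UnpicklingError:
        safe_blocked = True
    safe_executed = bool(SIDE_EFFECTS)

    # Legitimate traffic still works through the allowlist.
    ticket = deserialise_safe(benign)
    return {
        "unsafe_executed": unsafe_executed,
        "safe_blocked": safe_blocked,
        "safe_executed": safe_executed,
        "ticket_title": ticket.title,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the allowlist is that the loader never resolves a name it was not told to expect, so the question "which gadget classes are reachable" disappears; the same idea is what serialisation filters in other runtimes provide. For an endpoint reachable without authentication, the stronger fix is to not accept serialised object graphs from clients at all and use a plain data format with explicit schema validation instead.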

A warning from history

Computer Weekly understands that there is currently no evidence of any threat actors having exploited CVE-2025-26399 in the wild.

However, SolarWinds’ Web Help Desk tool is in extensive use at major enterprises and government and public sector bodies alike, and the earlier ‘versions’ of the new flaw were considered serious enough to be added to the Known Exploited Vulnerabilities (KEV) catalogue run by the US Cybersecurity and Infrastructure Security Agency (CISA).

The addition of a bug to the KEV catalogue obliges all agencies of the federal civilian executive branch (FCEB) in the US to take action to address it within a specified timeframe, but the list also serves as a useful indicator of which flaws organisations should be prioritising for patching.

In light of this, it is highly probable that CVE-2025-26399 will be targeted by threat actors in the very near future, if such activity has not already started.

Moreover, the events of the 2020-2021 Solorigate/Sunburst incident impacting SolarWinds customers also serve as a warning from history, according to Ryan Dewhurst, head of proactive threat intelligence at watchTowr, an exposure management specialist, who noted that SolarWinds is a name that “needs no introduction” in cyber security circles.

“The infamous supply chain attack… allowed months-long access into multiple Western government agencies and left a lasting mark on the industry. Fast forward to 2024: an unauthenticated remote deserialisation vulnerability was patched… then patched again. And now, here we are with yet another addressing the very same flaw. Third time’s the charm?” said Dewhurst.

“The original bug was actively exploited in the wild, and while we’re not yet aware of active exploitation of this latest patch bypass, history suggests it’s only a matter of time.”

The Sunburst incident saw nearly 20,000 SolarWinds customers download and install a malicious update to the firm’s Orion platform, with prominent victims including US government bodies such as the Department of Energy (DoE) and the National Nuclear Security Administration (NNSA), which maintains America’s nuclear arsenal.

Earlier this year SolarWinds and the Securities and Exchange Commission (SEC) reached a settlement in principle resolving a case against the organisation and its security leadership over the circumstances that led to the compromise of Orion.