SolarWinds releases third Web Help Desk patch to address known flaw

Exploitation of the latest patch bypass vulnerability is “only a matter of time”, according to one security expert.


IT management firm SolarWinds has released a third patch in an attempt to address a vulnerability in its Web Help Desk platform.

WHD 12.8.7 hotfix 1 addresses CVE-2025-26399, an unauthenticated remote code execution (RCE) vulnerability arising from the AjaxProxy component deserialising untrusted data.

“SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialisation remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine,” SolarWinds said in its patch release notes.


“This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.”
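The bug class named in the release notes, deserialisation of untrusted data, is easier to see in a small runnable illustration. The Python below is an added example written for this article; it is not SolarWinds code and does not model the WHD AjaxProxy logic, which the article does not describe. The `Gadget` class, the `side_effect` callable and the allowlist are constructed assumptions. It shows that a serialised stream can name a callable that the loader runs before any application code sees the result, and that an unpickler restricted to an allowlist of expected types refuses such a stream while still loading ordinary data. The same allowlist principle is the standard mitigation in other serialisation frameworks (Java's `ObjectInputFilter`, for example).

```python
import io
import pickle

# Constructed marker: records whether a callable ran during loading.
EXECUTED = []


def side_effect(tag):
    """Hypothetical callable standing in for whatever a real payload would reference."""
    EXECUTED.append(tag)
    return tag


class Gadget:
    """Hypothetical object whose pickle form resolves to a callable plus arguments.

    pickle invokes that callable while loading, which is why deserialising
    untrusted data is a remote-code-execution class of bug."""

    def __reduce__(self):
        return (side_effect, ("ran-during-load",))


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only resolves globals on an explicit allowlist (constructed)."""

    # module -> names the application legitimately expects in its data
    ALLOWED = {
        "builtins": {"dict", "list", "str", "int", "float", "bool", "tuple", "set"},
    }

    def find_class(self, module, name):
        # Every global reference in the stream passes through here; anything
        # not on the allowlist is refused before it can be called.
        if name in self.ALLOWED.get(module, ()):
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def unsafe_load(data: bytes):
    """The vulnerable pattern: deserialise whatever the caller sent."""
    return pickle.loads(data)


def safe_load(data: bytes):
    """The hardened pattern: deserialise only allowlisted types."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    """Run both loaders over a constructed hostile stream and a benign one."""
    EXECUTED.clear()
    hostile = pickle.dumps(Gadget())
    benign = pickle.dumps({"ticket": 42, "tags": ["a", "b"]})

    unsafe_result = unsafe_load(hostile)  # the callable runs during load
    ran_unsafe = list(EXECUTED)

    EXECUTED.clear()
    try:
        safe_load(hostile)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True

    return {
        "unsafe_executed": ran_unsafe,          # ["ran-during-load"]
        "unsafe_result": unsafe_result,
        "safe_blocked": blocked,                # True
        "safe_executed": list(EXECUTED),        # [] -- nothing ran
        "safe_benign": safe_load(benign),       # ordinary data still loads
    }


if __name__ == "__main__":
    print(demo())
```

The point for defenders is that the fix is structural: a deserialiser that resolves arbitrary class or callable names from attacker-controlled bytes cannot be made safe by patching individual gadget classes, which is the pattern a chain of three CVEs against one component tends to reflect. Restricting what the loader may resolve, or replacing the native serialisation format with a data-only one such as JSON, removes the class of bug rather than one instance of it.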

As Ryan Dewhurst, head of proactive threat intelligence at watchTowr, explains, SolarWinds is hardly covering itself in glory when it comes to attempts to address this recurring bug.

“SolarWinds is a name that needs no introduction in IT and cyber security circles. The infamous 2020 supply chain attack, attributed to Russia’s Foreign Intelligence Service (SVR), allowed months-long access into multiple Western government agencies and left a lasting mark on the industry,” Dewhurst told Cyber Daily.

“Fast forward to 2024: an unauthenticated remote deserialisation vulnerability (CVE-2024-28986) was patched … then patched again (CVE-2024-28988). And now, here we are with yet another patch (CVE-2025-26399) addressing the very same flaw. Third time’s the charm?”

While the previous vulnerabilities were exploited, SolarWinds has said it is unaware of any exploitation of this new vulnerability; however, that is hardly reassuring, explains Dewhurst.

“The original bug was actively exploited in the wild, and while we’re not yet aware of active exploitation of this latest patch bypass, history suggests it’s only a matter of time,” Dewhurst said.

This new vulnerability was credited to an anonymous researcher working with the Trend Micro Zero Day Initiative.

You can learn more about addressing and patching this vulnerability here.

David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.