SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files.
History

Wed, 30 Jul 2025 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Solarwinds
Solarwinds web Help Desk
Vendors & Products Solarwinds
Solarwinds web Help Desk

Tue, 29 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 29 Jul 2025 08:15:00 +0000

Type Values Removed Values Added
Description SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files.
Title SolarWinds Web Help Desk XML External Entity Injection (XXE) Vulnerability
Weaknesses CWE-611
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: SolarWinds

Published: 2025-07-29T08:07:38.230Z

Updated: 2025-07-29T13:47:18.609Z

Reserved: 2025-02-08T00:19:09.395Z

Link: CVE-2025-26400

cve-icon Vulnrichment

Updated: 2025-07-29T13:47:14.712Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-07-29T08:15:26.053

Modified: 2025-07-29T14:14:29.590

Link: CVE-2025-26400

cve-icon Redhat

No data.