Overview
- Tracked as CVE-2025-26399, the flaw is an unauthenticated AjaxProxy deserialization bug enabling remote code execution on Web Help Desk 12.8.7 and earlier.
- The vulnerability carries a CVSS score of 9.8 and can allow code execution in the context of SYSTEM.
- SolarWinds says this is a patch bypass of CVE-2024-28988, which itself bypassed CVE-2024-28986, marking a third attempt to fully remediate the issue.
- The hotfix (WHD 12.8.7 HF1) is available only through the SolarWinds Customer Portal and requires replacing specific JAR files and adding HikariCP.jar per the vendor’s instructions.
- An anonymous researcher working with Trend Micro’s Zero Day Initiative reported the bug, and there are currently no public reports of active exploitation, though CISA previously added the original flaw to its KEV catalog.
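The affected range above (12.8.7 and earlier, fixed by the 12.8.7 HF1 hotfix) is the kind of fact a defender turns into an inventory check. The following triage helper is an added example, not code from the advisory or from SolarWinds; it assumes version strings are reported in the form "12.8.7" or "12.8.7 HF1" (an assumption about format, since the page does not specify one), and the inventory rows are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Tuple

# Facts taken from the advisory: WHD 12.8.7 and earlier are affected,
# and the fix ships as hotfix 1 on top of 12.8.7.
LAST_AFFECTED = (12, 8, 7)
FIXING_HOTFIX = 1


class WhdVersion(NamedTuple):
    base: Tuple[int, ...]   # numeric release, e.g. (12, 8, 7)
    hotfix: int             # 0 when no "HFn" suffix is present


# Assumed version-string format: "<major>.<minor>.<patch>[ HF<n>]"
_VER_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)\s*(?:HF\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text: str) -> WhdVersion:
    """Parse a reported Web Help Desk version string; reject anything unexpected."""
    m = _VER_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Web Help Desk version string: {text!r}")
    base = tuple(int(p) for p in m.group(1).split("."))
    hotfix = int(m.group(2)) if m.group(2) else 0
    return WhdVersion(base, hotfix)


def _padded(base: Tuple[int, ...], width: int = 3) -> Tuple[int, ...]:
    # "12.8" compares as (12, 8, 0) so short strings still order correctly
    return base + (0,) * (width - len(base))


def needs_hotfix(text: str) -> bool:
    """True when the install falls inside the advisory's affected range.

    Only the 12.8.7 HF1 hotfix is named as the fix, so a hotfix on an
    older base release (e.g. "12.8.6 HF2") still counts as affected.
    """
    v = parse_version(text)
    base = _padded(v.base)
    if base > LAST_AFFECTED:
        return False            # newer than the stated affected range
    if base == LAST_AFFECTED and v.hotfix >= FIXING_HOTFIX:
        return False            # 12.8.7 with HF1 (or a later hotfix) applied
    return True


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, bool]]:
    """Return (host, version, needs_hotfix) for each inventory row."""
    return [(host, ver, needs_hotfix(ver)) for host, ver in inventory]


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts
    sample = [
        ("whd-prod-01", "12.8.7"),
        ("whd-prod-02", "12.8.7 HF1"),
        ("whd-dev-01", "12.8.6 HF2"),
        ("whd-lab-01", "12.8"),
    ]
    for host, ver, flagged in triage(sample):
        print(f"{host:12} {ver:12} {'APPLY HF1' if flagged else 'ok'}")
```

Rows flagged `APPLY HF1` are the ones to prioritise; the script deliberately raises on version strings it cannot parse rather than silently treating them as patched.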