Particle.news

SolarWinds Ships Third Hotfix for Critical Web Help Desk RCE Bypass

Experts urge immediate installation of Web Help Desk 12.8.7 HF1 given prior in-the-wild abuse of earlier flaws.

Overview

  • CVE-2025-26399 is an unauthenticated remote code execution bug in Web Help Desk, caused by AjaxProxy deserialization and rated CVSS 9.8, that lets an attacker run commands on the host.
  • SolarWinds released Web Help Desk 12.8.7 Hotfix 1 through its Customer Portal, with instructions to stop the service and replace specific JAR files before restarting.
  • The issue is a patch bypass of CVE-2024-28988, which itself bypassed CVE-2024-28986, the original Web Help Desk deserialization flaw later added to CISA’s Known Exploited Vulnerabilities catalog.
  • An anonymous researcher working with Trend Micro’s Zero Day Initiative reported the latest flaw, and SolarWinds says there are no confirmed reports of exploitation at this time.
  • Given past exploitation of related bugs and the product’s enterprise and public‑sector footprint, security teams are advised to update immediately and monitor for signs of attack.