CVE-2025-26392 | THREATINT

Description

SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account.

PUBLISHED Reserved 2025-02-08 | Published 2025-10-21 | Updated 2025-10-21 | Assigner SolarWinds

MEDIUM: 5.4CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status

affected

2025.2.1 and below

affected

Credits

The KPN REDteam finder

References

www.solarwinds.com/...ter/security-advisories/CVE-2025-26392

documentation.solarwinds.com/...hco_2025-4_release_notes.htm

cve.org (CVE-2025-26392)

nvd.nist.gov (CVE-2025-26392)

Download JSON