We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-26394

SolarWinds SWOSH Open Redirection Vulnerability



Description

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.

Reserved 2025-02-08 | Published 2025-06-10 | Updated 2025-06-10 | Assigner SolarWinds


MEDIUM: 4.8CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Product status

Default status
unaffected

2025.1.1 and previous versions
affected

Credits

SolarWinds would like to thank Shahzin Sajid, Al Sabah Salim, and Shabeer Ali from the QatarEnergyLNG SOC team for reporting on the issue in a responsible manner. finder

References

www.solarwinds.com/...ter/security-advisories/CVE-2025-26394

documentation.solarwinds.com/...hco_2025-2_release_notes.htm

cve.org (CVE-2025-26394)

nvd.nist.gov (CVE-2025-26394)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-26394

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.