CVE-2025-26394 | THREATINT

Description

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.

PUBLISHED Reserved 2025-02-08 | Published 2025-06-10 | Updated 2025-06-10 | Assigner SolarWinds

MEDIUM: 4.8CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Product status

Default status

unaffected

2025.1.1 and previous versions

affected

Credits

SolarWinds would like to thank Shahzin Sajid, Al Sabah Salim, and Shabeer Ali from the QatarEnergyLNG SOC team for reporting on the issue in a responsible manner. finder

References

www.solarwinds.com/...ter/security-advisories/CVE-2025-26394

documentation.solarwinds.com/...hco_2025-2_release_notes.htm

cve.org (CVE-2025-26394)

nvd.nist.gov (CVE-2025-26394)

Download JSON