We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-26400

SolarWinds Web Help Desk XML External Entity Injection (XXE) Vulnerability



Description

SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files.

Reserved 2025-02-08 | Published 2025-07-29 | Updated 2025-07-29 | Assigner SolarWinds


MEDIUM: 5.3CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-611 Improper Restriction of XML External Entity Reference

Product status

Default status
affected

12.8.6 and previous versions
affected

Credits

DieuLink, Nhiephon, and chung96vn from GCSC Vietnam reporter

References

www.solarwinds.com/...ter/security-advisories/CVE-2025-26400

documentation.solarwinds.com/...whd_12-8-7_release_notes.htm

cve.org (CVE-2025-26400)

nvd.nist.gov (CVE-2025-26400)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-26400

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.