
Description

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.

PUBLISHED Reserved 2025-04-16 | Published 2025-11-18 | Updated 2025-11-18 | Assigner SolarWinds




MEDIUM: 4.8 | CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Product status

Default status
affected

SolarWinds Observability Self-Hosted 2025.4 and prior versions
affected

Credits

Frédéric Goossens (reporter)

References

www.solarwinds.com/...ter/security-advisories/CVE-2025-40545

documentation.solarwinds.com/...o_2025-4-1_release_notes.htm

cve.org (CVE-2025-40545)

nvd.nist.gov (CVE-2025-40545)
