Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

SolarWinds warns over dangerous RCE flaw | Computer Weekly

By Computer Weekly by By Computer Weekly
September 23, 2025
Home Uncategorized
Share on FacebookShare on Twitter


SolarWinds is urging users of its Web Help Desk helpdesk ticketing and asset management software to ensure their instances are up-to-date after patching a newly-uncovered remote code execution (RCE) flaw.

Tracked as CVE-2025-26399, the bug bypasses a fix for a previous flaw, CVE-2024-28988, which was discovered and disclosed by Guy Lederfein of Trend Micro Security Research 12 months ago, in September 2024. However, in a twist reminiscent of the nursery rhyme about old ladies swallowing spiders to catch flies, CVE-2024-28988 itself bypassed a fix for a third issue, CVE-2024-28986.

Like the preceeding vulnerabilities, the latest issue once again takes the form of an unauthenticated AjaxProxy deserialisation RCE vulnerability that enables a threat actor to run commands on the host machine, should they succeed in exploiting it.

A warning from history

Computer Weekly understands that there is currently no evidence of any threat actors having exploited CVE-2025-26399 in the wild.

However, SolarWinds’ Web Help Desk tool is in extensive use at major enterprises and government and public sector bodies alike, and the earlier ‘versions’ of the new flaw were considered serious enough to be added to the Known Exploited Vulnerabilities catalogue run by the US’ Cybersecurity and Infrastructure Security Agency (CISA).

The addition of a bug to the KEV catalogue obliges all agencies of the federal civilian executive branch (FCEB) in the US to take action to address them in a specific timeframe, but the list also serves as a useful indicator of which flaws organisations should be prioritising to patch.

In light of this, it is highly-probable that CVE-2025-26399 will be targeted by threat actors in the very near future, if such activity has not already started.

Furthermore, the events of the 2020-2021 Solorigate/Sunburst incident impacting SolarWinds users also serves as a warning from history, according to Ryan Dewhurst, head of proactive threat intelligence at watchTowr, an exposure management specialist, who noted that SolarWinds is a name that “needs no introduction” in cyber security circles.

“The infamous supply chain attack… allowed months long access into multiple Western government agencies and left a lasting mark on the industry. Fast forward to 2024: an unauthenticated remote deserialisation vulnerability was patched… then patched again. And now, here we are with yet another addressing the very same flaw. Third time’s the charm?” said Dewhurst.

“The original bug was actively exploited in the wild, and while we’re not yet aware of active exploitation of this latest patch bypass, history suggests it’s only a matter of time.”

The Sunburst incident saw almost 20,000 SolarWinds customers download and install a malicious update to the firm’s Orion platform, with prominent victims including US government bodies such as the Department of Energy (DoE) and the National Nuclear Safety Administration (NNSA) that maintains America’s nuclear arsenal.

Earlier this year SolarWinds and the Securities and Exchange Commission (SEC) reached a settlement in principle resolving a case against the organisation and its security leadership over the circumstances that led to the compromise of Orion.



Source link

By Computer Weekly

By Computer Weekly

Next Post
Stocks making the biggest moves premarket: Firefly Aerospace, AutoZone, Kenvue & more

Stocks making the biggest moves premarket: Firefly Aerospace, AutoZone, Kenvue & more

Recommended.

Google Cloud Next: The 10 Biggest Google Product Launches

Google Cloud Next: The 10 Biggest Google Product Launches

April 9, 2025
Arctic Wolf CEO On ‘Re-Energized’ MSP Program, Endpoint Security Expansion

Arctic Wolf CEO On ‘Re-Energized’ MSP Program, Endpoint Security Expansion

June 12, 2025

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
OpenTable Launches All-in-One Marketplace for Private and Group Dining

OpenTable Launches All-in-One Marketplace for Private and Group Dining

September 16, 2025

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio