fkie_cve-2025-26400
Vulnerability from fkie_nvd
Published
2025-07-29 08:15
Modified
2025-07-29 14:14
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files.
References
psirt@solarwinds.comhttps://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7_release_notes.htm
psirt@solarwinds.comhttps://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26400
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files."
    },
    {
      "lang": "es",
      "value": "Se inform\u00f3 que SolarWinds Web Help Desk se vio afectado por una vulnerabilidad de inyecci\u00f3n de entidades externas XML (XXE) que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n. Se requiere un acceso v\u00e1lido con privilegios bajos, a menos que el atacante tuviera acceso al servidor local para modificar los archivos de configuraci\u00f3n."
    }
  ],
  "id": "CVE-2025-26400",
  "lastModified": "2025-07-29T14:14:29.590",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "psirt@solarwinds.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-07-29T08:15:26.053",
  "references": [
    {
      "source": "psirt@solarwinds.com",
      "url": "https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7_release_notes.htm"
    },
    {
      "source": "psirt@solarwinds.com",
      "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26400"
    }
  ],
  "sourceIdentifier": "psirt@solarwinds.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "psirt@solarwinds.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.