CVE-2025-26400 Information
Jul 30, 2025
cve
Description
SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid low-privilege access is required unless the attacker had access to the local server to modify configuration files.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Reference
https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26400
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
5.3
Related CNNVD
CNNVD-202507-3590 (Published: 2025-07-29)
Share on: