SolarWinds Releases Critical Hotfix for Web Help Desk Vulnerability
SolarWinds has released a hotfix for a critical remote code execution (RCE) vulnerability in its Web Help Desk (WHD) software. The flaw, now tracked as CVE-2025-26399, is the third attempt to patch an issue that first surfaced as CVE-2024-28986. The release is urgent because two earlier fixes for the same underlying problem have already been bypassed.
Understanding the Vulnerability: CVE-2025-26399
The vulnerability affects Web Help Desk version 12.8.7, the latest release of the software, which is aimed at mid-sized and large organizations. WHD is widely used to manage IT support requests, automate workflows, track assets, and meet compliance requirements, so it sits at the centre of many organizations' IT operations. The core issue is unsafe deserialization in the AjaxProxy component, which lets an unauthenticated attacker execute arbitrary code on the host system.
According to a security bulletin released by SolarWinds on September 23, 2025, CVE-2025-26399 is a patch bypass of CVE-2024-28988, which was itself a bypass of the original vulnerability, CVE-2024-28986. Each link in this chain has meant that systems patched against the previous CVE remained exploitable, which is why the fix history matters as much as the latest advisory.
The vulnerability carries a critical CVSS score of 9.8, reflecting the severity of the threat to systems running the affected version. Exploitation requires neither user interaction nor authentication, which makes it especially dangerous for organizations that expose WHD to untrusted networks.
Hotfix Details and Installation Instructions
The new patch, Web Help Desk 12.8.7 Hotfix 1, modifies several core components of the application to mitigate the deserialization issue. The affected files are:
- whd-core.jar
- whd-web.jar
- whd-persistence.jar
- HikariCP.jar (added)
Administrators applying the patch should first stop the WHD service, then back up and replace the listed .jar files in the application's /lib directory before restarting the service. Note that this hotfix is compatible only with WHD version 12.8.7.
The installation path depends on the operating system. The default installation directories are:
- macOS: /Library/WebHelpDesk
- Windows: \Program Files\WebHelpDesk
- Linux: /usr/local/webhelpdesk
Complete installation guidelines and the hotfix package can be accessed through the SolarWinds Customer Portal. Additionally, administrators should consult the WHD 12.8.7 Hotfix 1 Administrator Guide for a comprehensive overview of deployment procedures.
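The back-up-and-replace step above is where a half-applied hotfix is most likely to go unnoticed. The script below is an added example, not SolarWinds' tooling and not taken from the Hotfix 1 Administrator Guide: it backs up the four .jar files named in the bulletin, copies the hotfix versions into the /lib directory, verifies each copy by SHA-256 digest, and can roll back from the backup if anything fails. Assumptions not stated in the bulletin: the hotfix package has been unpacked into a directory containing the four jars, a SHA-256 tool (sha256sum, shasum or openssl) is available, and the platform-specific commands to stop and start WHD are supplied by the administrator via the WHD_STOP_CMD and WHD_START_CMD placeholders. The function names are hypothetical.

```shell
#!/bin/sh
# Added example for the WHD 12.8.7 Hotfix 1 jar swap; not SolarWinds' own script.
# Assumptions: hotfix jars unpacked into a directory, a SHA-256 tool on PATH,
# and the service stop/start commands provided by the administrator (placeholders).

# The four files named in the hotfix bulletin. HikariCP.jar is new in Hotfix 1.
HOTFIX_JARS="whd-core.jar whd-web.jar whd-persistence.jar HikariCP.jar"

# Print the SHA-256 of a file, or an empty string if it does not exist.
file_sha256() {
    [ -f "$1" ] || { echo ""; return 0; }
    {
        if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
        elif command -v shasum >/dev/null 2>&1; then shasum -a 256 "$1"
        else openssl dgst -sha256 -r "$1"
        fi
    } | awk '{print $1}'
}

# Copy every jar that currently exists in LIB_DIR into BACKUP_DIR so the change
# can be reversed. HikariCP.jar is expected to be absent before Hotfix 1.
backup_whd_jars() {
    lib_dir="$1"; backup_dir="$2"
    mkdir -p "$backup_dir" || return 1
    for jar in $HOTFIX_JARS; do
        if [ -f "$lib_dir/$jar" ]; then
            cp -p "$lib_dir/$jar" "$backup_dir/$jar" || return 1
        fi
    done
    return 0
}

# Replace the jars in LIB_DIR with those from HOTFIX_DIR, verifying each copy by
# digest. Refuses to touch anything if the package is incomplete, and fails
# non-zero on a mismatch so a partially patched service is never started.
apply_whd_hotfix() {
    lib_dir="$1"; hotfix_dir="$2"
    for jar in $HOTFIX_JARS; do
        [ -f "$hotfix_dir/$jar" ] || { echo "missing $jar in hotfix package" >&2; return 1; }
    done
    for jar in $HOTFIX_JARS; do
        cp -p "$hotfix_dir/$jar" "$lib_dir/$jar" || return 1
        [ "$(file_sha256 "$lib_dir/$jar")" = "$(file_sha256 "$hotfix_dir/$jar")" ] \
            || { echo "digest mismatch after copying $jar" >&2; return 1; }
    done
    return 0
}

# Restore the backed-up jars. A jar with no backup (HikariCP.jar on a fresh
# 12.8.7 install) is removed, returning LIB_DIR to its pre-hotfix state.
rollback_whd_hotfix() {
    lib_dir="$1"; backup_dir="$2"
    for jar in $HOTFIX_JARS; do
        if [ -f "$backup_dir/$jar" ]; then
            cp -p "$backup_dir/$jar" "$lib_dir/$jar" || return 1
        else
            rm -f "$lib_dir/$jar"
        fi
    done
    return 0
}

# End-to-end run: stop WHD, back up, apply, roll back on failure, start WHD.
# WHD_STOP_CMD / WHD_START_CMD are placeholders for the platform's commands
# from the Administrator Guide; the bulletin text does not give them.
run_whd_hotfix() {
    lib_dir="$1"; hotfix_dir="$2"; backup_dir="$3"
    sh -c "${WHD_STOP_CMD:?set WHD_STOP_CMD to the WHD stop command}" || return 1
    backup_whd_jars "$lib_dir" "$backup_dir" || return 1
    if ! apply_whd_hotfix "$lib_dir" "$hotfix_dir"; then
        echo "hotfix failed; restoring backup" >&2
        rollback_whd_hotfix "$lib_dir" "$backup_dir"
        return 1
    fi
    sh -c "${WHD_START_CMD:?set WHD_START_CMD to the WHD start command}"
}

# Example invocation for the default Linux path given in the bulletin:
#   WHD_STOP_CMD='...' WHD_START_CMD='...' \
#   run_whd_hotfix /usr/local/webhelpdesk/lib /tmp/whd-hotfix1 /root/whd-jar-backup
```

The digest check after the copy is the part worth keeping even if the rest is replaced by a vendor script: it confirms that the file the service will load is the one from the package, and the refusal to start on a mismatch stops the deserialization fix from being silently absent.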
Continuous Security Challenges Surrounding CVE-2025-26399
The repeated reappearance of this vulnerability in SolarWinds' software has raised concerns in the security community about the rigour of the company's patch validation and quality assurance. While SolarWinds has issued successive updates, two bypasses of the same flaw suggest that the root cause, the unsafe deserialization path itself, may not have been fully removed rather than merely blocked.
SolarWinds emphasizes the critical nature of this update, encouraging customers who have installed Web Help Desk version 12.8.7 to download and apply Hotfix 1.
Organizations using WHD should also remain vigilant about aligning their installations with the software’s end-of-life (EOL) policies and upgrade paths. Recent releases have halted support for FIPS configuration files, prompting additional compliance steps for federal deployments.
Security teams running SolarWinds Web Help Desk should assess their exposure, particularly any instance reachable from untrusted networks, and prioritize deploying Hotfix 1 to protect their systems from exploitation of this critical vulnerability.
This article aims to provide essential information for organizations utilizing SolarWinds Web Help Desk software, emphasizing the need for prompt action in light of serious security vulnerabilities.