CVE-2025-26400
MEDIUM WAF: High
CVSS 6.5
Published: 2025-07-29
CWE-611
SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| solarwinds | web_help_desk | up to 12.8.7 |
References
- documentation.solarwinds.com (Release Notes, Vendor Advisory)
- www.solarwinds.com (Patch, Vendor Advisory)