SolarWinds Observability Self-Hosted Deserialization of Untrusted Data Local Privilege Escalation Vulnerability

Vulnerability

A local privilege escalation vulnerability has been identified in SolarWinds Observability Self-Hosted versions through 2025.2. It arises from the deserialization of untrusted data and allows an attacker with low privileges to escalate rights and execute malicious files placed in a permission-protected directory. Exploitation requires authentication as a low-privileged account and local access to the host server.

Impact

Successful exploitation of this vulnerability allows for local privilege escalation, enabling an attacker to execute malicious files with elevated rights.

Remediation

Users can upgrade to SolarWinds Observability Self-Hosted version 2025.2.1 to address this vulnerability.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 3.3
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.