Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

SolarWinds Web Help Desk AjaxProxy Deserialization Remote Code Execution Vulnerability

Vulnerability

Exploited

Patched

A remote code execution vulnerability has been identified in SolarWinds Web Help Desk versions through 12.8.7 Hotfix 1. This vulnerability arises from unauthenticated deserialization of untrusted data by the AjaxProxy, allowing attackers to execute commands on the host machine. Notably, this issue represents a patch bypass of CVE-2024-28988, which itself bypasses CVE-2024-28986.

Impact

Exploitation of this vulnerability allows for remote code execution on the host machine.

Remediation

Users can upgrade to SolarWinds Web Help Desk 12.8.7 Hotfix 1, available through the SolarWinds Customer Portal. Instructions for installing this hotfix are included in the Web Help Desk 12.8.7 Hotfix 1 Administrator Guide.

Added: Sep 23, 2025, 5:19 AM

Updated: Mar 9, 2026, 8:28 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

10.0

exploitability

9.1

remediation

7.7

relevance

0.5

threat

8.5

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

10.0

exploitability

9.1

remediation

7.7

relevance

0.5

threat

8.5

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

SolarWinds Web Help Desk AjaxProxy Deserialization Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

SolarWinds Web Help Desk

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating