CVE-2025-26393

Published: Mar 17, 2025Modified: Mar 17, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: psirt@solarwinds.com (Secondary)

Description

SolarWinds Service Desk is affected by a broken access control vulnerability. The issue allows authenticated users to escalate privileges, leading to unauthorized data manipulation.

Related CWEs

CWE-653

Improper Isolation or Compartmentalization

The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

References (1)

https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26393

Source: psirt@solarwinds.com

Timeline

No history available yet.