CVE-2025-26394

Published: Jun 10, 2025Modified: Nov 12, 2025

4.8

Vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: psirt@solarwinds.com (Secondary)

Description

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.

Affected (1)

Products: Solarwinds: Observability Self Hosted

1 product

Observability Self Hosted

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Observability Self Hosted	Before 2025.2

Related CWEs

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2025-2_release_notes.htm

Source: psirt@solarwinds.com

Release Notes

https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26394

Source: psirt@solarwinds.com

PatchVendor Advisory

Timeline

No history available yet.