CVE-2025-26397

Published: Jul 24, 2025Modified: Nov 12, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: psirt@solarwinds.com (Secondary)

Description

SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can escalate privileges to run malicious files copied to a permission-protected folder. This vulnerability requires authentication from a low-level account and local access to the host server.

Affected (1)

Products: Solarwinds: Observability Self Hosted

1 product

Observability Self Hosted

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Observability Self Hosted	Before 2025.2.1

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-2-1_release_notes.htm

Source: psirt@solarwinds.com

Release Notes

https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26397

Source: psirt@solarwinds.com

PatchVendor Advisory

Timeline

No history available yet.