CVE-2025-40545

Published: Nov 18, 2025Modified: Nov 24, 2025

4.4

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.3 / Impact: 2.7

Source: NVD

Description

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.

Affected (1)

Products: Solarwinds: Observability Self Hosted

1 product

Observability Self Hosted

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Observability Self Hosted	Before 2025.4.1

Related CWEs

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2025-4-1_release_notes.htm

Source: psirt@solarwinds.com

Release NotesVendor Advisory

https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40545

Source: psirt@solarwinds.com

Vendor Advisory

Timeline

No history available yet.