CVE-2025-26393 MEDIUM

CVE-2025-26393: SolarWinds Service Desk Broken Access Control Vulnerability

Vendor Solarwinds
Product Service Desk
Weakness CWE-653
Published March 17, 2025
Last update March 18, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

SolarWinds Service Desk is affected by a broken access control vulnerability. The issue allows authenticated users to escalate privileges, leading to unauthorized data manipulation.

Key dates

02Disclosure timeline

March 17, 2025 CVE published
March 18, 2025 Record updated