CVE-2025-40545 MEDIUM

CVE-2025-40545: SolarWinds Observability Self-Hosted Open Redirection Vulnerability

Vendor Solarwinds

Product SolarWinds Observability Self-Hosted

Weakness CWE-601 · Open redirect

Published November 18, 2025

Last update November 18, 2025

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Adjacent

Attack complexity High

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.

Key dates

02Disclosure timeline

November 18, 2025 CVE published

November 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-40545

Related vulnerabilities

Identifiers

CVE CVE-2025-40545

CWE CWE-601

CVSS 4.8 / MEDIUM

Affected versions