Week 39 – When the Postman is a Hacker: WHD’s AjaxProxy Leads to Total Compromise

22 – 28 Sept 2025

SolarWinds Web Help Desk (WHD) is a comprehensive help desk and ticketing solution designed for medium to large organizations. It supports IT support request tracking, workflow automation, asset management, and compliance monitoring in enterprise environments.

Our current CVE of the Week, CVE-2025-26399, is a critical vulnerability with a CVSS score of 9.8. It is a patch bypass of CVE-2024-28988, which was itself a bypass of CVE-2024-28986, originally disclosed in August 2024.

SolarWinds WHD was found to be susceptible to an unauthenticated deserialization remote code execution vulnerability in its AjaxProxy component. The AjaxProxy does not properly validate user-supplied data, so attacker-controlled input can reach a deserialization routine as untrusted data. Because no authentication is required, a remote attacker who can reach the AjaxProxy endpoint can leverage this to execute arbitrary commands on the host in the context of SYSTEM.

SolarWinds released Web Help Desk 12.8.7 Hotfix 1 on 23 September 2025 to address CVE-2025-26399. The release notes contain detailed instructions on how to apply the hotfix.

While there is no evidence of the vulnerability being exploited in the wild, users are advised to update their instances to SolarWinds Web Help Desk 12.8.7 HF1 for optimal protection. Given that the two earlier fixes for this flaw were each bypassed, it is also worth confirming that the hotfix has actually been applied rather than assuming an earlier patch level is sufficient.

Official release notes can be found here: https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm


White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect its deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.

With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.

They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity, both for individuals and for organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.