CVE-2025-26394

Medium CVSS: 4.8

SolarWinds Observability Self-Hosted

is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.

Vendor

Solarwinds

Product

Observability Self-hosted

CWE

CWE-601

Yayın Tarihi

2025-06-10 15:15:23

Güncelleme

2025-11-12 19:17:42

Source Identifier

psirt@solarwinds.com

KEV Date Added

Kategoriler

CWE-601 Observability Self-hosted MEDIUM Solarwinds 2025

Referanslar

https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/hco_2025-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26394

Benzer Kayıtlar

Medium

CVE-2026-28297

SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when…

Medium

CVE-2026-28298

SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when…

Critical

CVE-2025-40540

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arb…

Critical

CVE-2025-40541

An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor…

Critical

CVE-2025-40538

A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to crea…

Critical

CVE-2025-40539

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arb…