SolarWinds Observability Self-Hosted Deserialization of Untrusted Data Local Privilege Escalation Vulnerability

July 24, 2025 invoker category_cve

CVE Details

Basic Information

Title SolarWinds Observability Self-Hosted Deserialization of Untrusted Data Local Privilege Escalation Vulnerability
Type cve
Published 2025-07-24T07:57:53.475Z
Modified 2025-07-24T07:57:53.475Z

Product Information

Vendor SolarWinds
Product SolarWinds Observability Self-Hosted
Version 2025.2 and previous versions

CVSS Information

Base Score 7.8 (HIGH)
Attack Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

  • SolarWinds SolarWinds Observability Self-Hosted 2025.2 and previous versions

Additional Information

CWE List CWE-502
Source SolarWinds

Description

SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can escalate privileges to run malicious files copied to a permission-protected folder. This vulnerability requires authentication from a low-level account and local access to the host server.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.