CVE Details
Basic Information
| Title | SolarWinds Web Help Desk XML External Entity Injection (XXE) Vulnerability |
|---|---|
| Type | cve |
| Published | 2025-07-29T08:07:38.230Z |
| Modified | 2025-07-29T08:07:38.230Z |
Product Information
| Vendor | SolarWinds |
|---|---|
| Product | Web Help Desk |
| Version | 12.8.6 and previous versions |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
AI Analysis
| AI Description | SolarWinds Web Help Desk is vulnerable to an XML External Entity Injection (XXE) attack, which could lead to information disclosure. This vulnerability requires low-privilege access and may involve modifying server configurations. |
|---|---|
| AI Severity | Medium |
| AI Vendor | SolarWinds |
| AI Product | Web Help Desk |
| AI Version | 12.8.6 and earlier versions |
Affected Products
- SolarWinds Web Help Desk 12.8.6 and previous versions
Additional Information
| CWE List | CWE-611 |
|---|---|
| Source | SolarWinds |
Description
SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files.