September 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple SAP Products Vulnerabilities
June 12, 2025
Multiple Microsoft Products Vulnerabilities
June 12, 2025
Multiple SAP Products Vulnerabilities
June 12, 2025
Multiple Microsoft Products Vulnerabilities
June 12, 2025
Severity
Medium
Analysis Summary
CVE-2025-26395 CVSS:7.1
SolarWinds SWOSH is vulnerable to a stored cross-site scripting vulnerability due to an unsanitized field in the URL. A remote authenticated attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVE-2025-26394 CVSS:4.8
SolarWinds SWOSH could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites
Impact
- Gain Access
- Cross-Site Scripting
Indicators of Compromise
CVE
CVE-2025-26395
CVE-2025-26394
Affected Vendors
SolarWinds
Affected Products
- SolarWinds SWOSH - 2025.1.1
Remediation
Refer to SolarWinds Security Advisory for patch, upgrade, or suggested workaround information.