{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-21T05:54:01.042","vulnerabilities":[{"cve":{"id":"CVE-2025-26397","sourceIdentifier":"psirt@solarwinds.com","published":"2025-07-24T08:15:30.113","lastModified":"2026-06-17T09:01:42.180","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can escalate privileges to run malicious files copied to a permission-protected folder. This vulnerability requires authentication from a low-level account and local access to the host server."},{"lang":"es","value":"SolarWinds Observability Self-Hosted es susceptible a la vulnerabilidad de escalada de privilegios locales por deserialización de datos no confiables. Un atacante con privilegios bajos puede escalarlos para ejecutar archivos maliciosos copiados a una carpeta protegida con permisos. Esta vulnerabilidad requiere autenticación desde una cuenta de bajo nivel y acceso local al servidor host."}],"affected":[{"source":"psirt@solarwinds.com","affectedData":[{"vendor":"SolarWinds","product":"SolarWinds Observability Self-Hosted","defaultStatus":"affected","versions":[{"version":"2025.2 and previous versions","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@solarwinds.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-07-24T13:16:31.758943Z","id":"CVE-2025-26397","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@solarwinds.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:solarwinds:observability_self-hosted:*:*:*:*:*:*:*:*","versionEndExcluding":"2025.2.1","matchCriteriaId":"E273BD8E-ACFA-4FB6-8B4E-CB9B581E66B1"}]}]}],"references":[{"url":"https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2025-2-1_release_notes.htm","source":"psirt@solarwinds.com","tags":["Release Notes"]},{"url":"https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26397","source":"psirt@solarwinds.com","tags":["Patch","Vendor Advisory"]}]}}]}