Browse all 166 CVE security advisories affecting SolarWinds. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SolarWinds provides IT management and monitoring software, primarily serving enterprise networks through its Orion platform. Historically, its applications have exhibited vulnerabilities typical of complex enterprise suites, including remote code execution, cross-site scripting, and privilege escalation flaws. These weaknesses often stem from intricate integration points and legacy codebases. The most significant security incident occurred in 2020, when a supply chain attack compromised the software’s update mechanism, allowing threat actors to insert malicious code into legitimate updates. This breach affected numerous government agencies and private corporations, exposing sensitive data and compromising network integrity. The incident highlighted critical risks in software supply chains and led to widespread scrutiny of the company’s development and security practices. Consequently, SolarWinds has implemented stricter security controls and transparency measures to restore trust and mitigate future risks associated with its widely deployed infrastructure tools.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-26393 | SolarWinds Service Desk Broken Access Control Vulnerability — Service DeskCWE-653 | 5.4 | Medium | 2025-03-17 |
This page lists every published CVE security advisory associated with SolarWinds. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.