Can you explain this vulnerability to me?

CVE-2025-26395 is a DOM-based reflective cross-site scripting (XSS) vulnerability in SolarWinds Observability Self-Hosted (SWOSH) versions 2025.1.1 and earlier. It occurs because an unsanitized field in the URL allows malicious scripts to be executed. Exploiting this vulnerability requires the attacker to have administrator-level authentication and for the user to interact with the malicious content. [1]

Useful 0 Not Useful 0

How can this vulnerability impact me? :

This vulnerability can lead to the execution of malicious scripts within the context of an administrator's session, potentially compromising confidentiality with high impact, causing some integrity and availability issues with low impact. Since it requires administrator privileges and user interaction, an attacker could leverage it to access sensitive data or perform unauthorized actions within the affected system. [1]

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves verifying the version of SolarWinds Observability Self-Hosted (SWOSH) installed. Specifically, versions 2025.1.1 and earlier are vulnerable. There are no specific network or system commands provided to detect exploitation attempts. Checking the installed version can be done by reviewing the application version information or using administrative tools to query the software version. [1]

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade SolarWinds SWOSH to version 2025.2 or later, where the vulnerability has been fixed. Additionally, limit administrator-level access and educate users to avoid interacting with suspicious URLs to reduce risk. [1]

Useful 0 Not Useful 0