CVE-2025-26396

Description

The SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

SolarWinds / Dameware Mini Remote Control Service12.3.1.20 and prior versions – 12.3.1.20 and prior versions

References

VENDOR_ADVISORYhttps://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26396
MISChttps://documentation.solarwinds.com/en/success_center/dameware/content/release_notes/dameware_12-3-2_release_notes.htm