Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Dameware Mini Remote Control Service by SolarWinds
CVE-2025-26396 (GCVE-0-2025-26396)
Vulnerability from cvelistv5 – Published: 2025-06-02 13:04 – Updated: 2026-02-26 18:27
VLAI
Title
SolarWinds Dameware Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability
Summary
The SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SolarWinds | Dameware Mini Remote Control Service |
Affected:
12.3.1.20 and prior versions
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26396",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T03:56:00.198419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:27:44.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Dameware Mini Remote Control Service",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.3.1.20 and prior versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Alexander Pudwill working with Trend Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cbr\u003e\n\n\n\n\n\nThe SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability. \u0026nbsp; \u003cbr\u003e\n\n\n\n\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "The SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233: Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:03:36.346Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26396"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/dameware/content/release_notes/dameware_12-3-2_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cbr\u003eSolarWinds recommends that customers upgrade to SolarWinds Dameware Mini Remote Control\u0026nbsp;12.3.2 as soon as it becomes available.\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "SolarWinds recommends that customers upgrade to SolarWinds Dameware Mini Remote Control\u00a012.3.2 as soon as it becomes available."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Dameware Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-26396",
"datePublished": "2025-06-02T13:04:19.648Z",
"dateReserved": "2025-02-08T00:19:09.395Z",
"dateUpdated": "2026-02-26T18:27:44.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-26396 (GCVE-0-2025-26396)
Vulnerability from nvd – Published: 2025-06-02 13:04 – Updated: 2026-02-26 18:27
VLAI
Title
SolarWinds Dameware Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability
Summary
The SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SolarWinds | Dameware Mini Remote Control Service |
Affected:
12.3.1.20 and prior versions
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26396",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T03:56:00.198419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:27:44.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Dameware Mini Remote Control Service",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "12.3.1.20 and prior versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Alexander Pudwill working with Trend Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cbr\u003e\n\n\n\n\n\nThe SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability. \u0026nbsp; \u003cbr\u003e\n\n\n\n\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "The SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233: Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:03:36.346Z",
"orgId": "49f11609-934d-4621-84e6-e02e032104d6",
"shortName": "SolarWinds"
},
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26396"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/dameware/content/release_notes/dameware_12-3-2_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cbr\u003eSolarWinds recommends that customers upgrade to SolarWinds Dameware Mini Remote Control\u0026nbsp;12.3.2 as soon as it becomes available.\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "SolarWinds recommends that customers upgrade to SolarWinds Dameware Mini Remote Control\u00a012.3.2 as soon as it becomes available."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SolarWinds Dameware Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "49f11609-934d-4621-84e6-e02e032104d6",
"assignerShortName": "SolarWinds",
"cveId": "CVE-2025-26396",
"datePublished": "2025-06-02T13:04:19.648Z",
"dateReserved": "2025-02-08T00:19:09.395Z",
"dateUpdated": "2026-02-26T18:27:44.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}