Cybersecurity Vulnerabilities

Urgent: Open Redirection Flaw Discovered in SolarWinds Observability Self-Hosted (CVE-2025-40545)

November 18, 2025 - By 

Overview

CVE-2025-40545 details an open redirection vulnerability found in SolarWinds Observability Self-Hosted. This security flaw allows attackers to potentially redirect users to malicious websites by manipulating the URL parameters. While the attack complexity is considered high and authentication is required, the impact can still be significant. It’s crucial to understand the technical details and implement the recommended mitigation steps.

Technical Details

The vulnerability arises from insufficient sanitization of URL parameters within the SolarWinds Observability Self-Hosted application. An attacker could craft a malicious URL containing a redirect payload. If a legitimate, authenticated user clicks on this crafted link, they could be unknowingly redirected to a phishing site or a website hosting malware. The complexity is high as it requires tricking a user into clicking the malicious link after they have already authenticated.

CVSS Analysis

The Common Vulnerability Scoring System (CVSS) assigns this vulnerability a score of 4.8, classifying it as MEDIUM severity. The CVSS vector is likely similar to AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N (Network, High Attack Complexity, Low Privileges Required, User Interaction Required, Scope Changed, Low Confidentiality Impact, Low Integrity Impact, No Availability Impact).

Possible Impact

Successful exploitation of this vulnerability could lead to:

  • Phishing Attacks: Redirect users to fake login pages to steal credentials.
  • Malware Distribution: Redirect users to sites hosting malicious software.
  • Reputation Damage: Compromise the trust users have in SolarWinds Observability Self-Hosted.

Mitigation and Patch Steps

SolarWinds has released a patch to address this vulnerability. It is strongly recommended to upgrade to SolarWinds Observability Self-Hosted version 2025.4.1 or later. Follow these steps:

  1. Backup your SolarWinds Observability Self-Hosted instance.
  2. Download the latest version from the SolarWinds Customer Portal.
  3. Follow the upgrade instructions provided in the release notes.
  4. Verify the installation and functionality of the updated system.

Refer to the SolarWinds documentation for detailed upgrade instructions.

References

SolarWinds Observability Self-Hosted 2025.4.1 Release Notes (SolarWinds Documentation)
SolarWinds Security Advisory for CVE-2025-40545 (SolarWinds Trust Center)

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.

Related Posts

CVE-2025-61932 Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

CVE-2025-61932: Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

October 23, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *