Platform
windows
Component
dameware-mini-remote-control-service
Fixed in
12.3.2
CVE-2025-26396 identifies a Privilege Escalation vulnerability within the SolarWinds Dameware Mini Remote Control Service. Successful exploitation allows an attacker with local access and a low-privilege account to elevate their privileges on the system. This vulnerability impacts versions of Dameware Mini Remote Control up to and including 12.3.1.20, with a fix available in version 12.3.2.
This vulnerability poses a significant risk as it enables an attacker to escalate privileges from a low-privilege user account to a higher-privileged account, potentially gaining full control of the affected system. An attacker could leverage this to install malware, steal sensitive data, modify system configurations, or move laterally within the network. The requirement for local access limits the immediate scope, but combined with other vulnerabilities or social engineering tactics, it can be a stepping stone for broader compromise. The impact is amplified in environments where Dameware Mini Remote Control is used for remote administration, as compromised accounts could be used to access multiple systems.
CVE-2025-26396 was publicly disclosed on June 2, 2025. The vulnerability's requirement for local access suggests a lower probability of widespread exploitation compared to remote code execution vulnerabilities. There is currently no indication of active exploitation campaigns targeting this vulnerability, but the ease of local privilege escalation makes it a potential target for opportunistic attackers. The vulnerability has been added to the CISA KEV catalog, indicating a medium probability of exploitation.
Organizations heavily reliant on remote administration tools like Dameware Mini Remote Control, particularly those with legacy systems or configurations that grant broad local access privileges, are at increased risk. Shared hosting environments where multiple users share access to the same server are also vulnerable.
• windows / supply-chain:
Get-Process -Name DamewareMiniRemoteControl | Select-Object -ExpandProperty Id
• windows / supply-chain:
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } | Where-Object { $_.Message -like '*DamewareMiniRemoteControl*' }
• windows / supply-chain:
reg query "HKLM\SOFTWARE\SolarWinds\Dameware\Mini Remote Control" /v Version
Exploit status
EPSS
0.02% (5th percentile)
The primary mitigation for CVE-2025-26396 is to upgrade Dameware Mini Remote Control to version 12.3.2 or later. If an immediate upgrade is not feasible, consider restricting local access to the Dameware Mini Remote Control service and implementing stricter account privilege controls. Review existing Dameware configurations to ensure least privilege principles are followed. Monitor system logs for suspicious activity related to Dameware Remote Control, particularly failed login attempts or unusual process execution. After upgrading, confirm the vulnerability is resolved by attempting to reproduce the exploitation scenario with a low-privilege account and verifying that privilege escalation is prevented.
Update Dameware Mini Remote Control Service to version 12.3.2 or later. This update fixes the local privilege escalation vulnerability caused by incorrect permissions. The new version is available on the SolarWinds website.
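The upgrade check and least-privilege review described above can be scripted per host. The following is an added example, not code from this page or from SolarWinds. It assumes the registry path quoted on this page holds the installed version and that Dameware services can be found by matching "Dameware" in the service display name or binary path. The page does not say which object carried the incorrect permissions, so the ACL audit is a general hardening check rather than a test for the flaw itself.

```powershell
# Added example (not SolarWinds code): version and service-file ACL audit for CVE-2025-26396.
$FixedVersion = [version]'12.3.2'
$RegPath      = 'HKLM:\SOFTWARE\SolarWinds\Dameware\Mini Remote Control'  # path as quoted on this page
# Assumption: principals treated as low-privilege (Everyone, Authenticated Users, BUILTIN\Users).
$LowPrivSids  = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
# Write, delete, change-ACL and take-ownership bits, plus GENERIC_WRITE and GENERIC_ALL.
$WriteMask    = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership' -bor 0x40000000 -bor 0x10000000

function Test-DamewareVersion {
    $raw = (Get-ItemProperty -Path $RegPath -Name Version -ErrorAction SilentlyContinue).Version
    $installed = ($raw -replace '[^0-9.]', '') -as [version]   # $null if missing or unparsable
    [pscustomobject]@{
        Installed  = $installed
        Vulnerable = if ($installed) { $installed -lt $FixedVersion } else { $null }
    }
}

function Get-DamewareServiceBinary {
    # Assumption: services are identified by "Dameware" in their display name or image path.
    Get-CimInstance Win32_Service |
        Where-Object { $_.DisplayName -like '*Dameware*' -or $_.PathName -like '*Dameware*' } |
        ForEach-Object {
            # PathName may be quoted and carry arguments; keep only the executable path.
            if ($_.PathName -match '^\s*"([^"]+)"' -or $_.PathName -match '^\s*(.+?\.exe)') {
                [pscustomobject]@{ Service = $_.Name; RunsAs = $_.StartName; Binary = $Matches[1] }
            }
        }
}

function Find-WeakAcl ([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return }
    # Ask for SIDs directly so orphaned or localized account names do not break matching.
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       ([int]$_.FileSystemRights -band $WriteMask) -and
                       $_.IdentityReference.Value -in $LowPrivSids }
}

$ver = Test-DamewareVersion
"Installed: $($ver.Installed)  Vulnerable (< $FixedVersion): $($ver.Vulnerable)"
foreach ($svc in Get-DamewareServiceBinary) {
    foreach ($target in $svc.Binary, (Split-Path -Path $svc.Binary -Parent)) {
        Find-WeakAcl $target | ForEach-Object {
            [pscustomobject]@{ Service = $svc.Service; RunsAs = $svc.RunsAs; Path = $target
                               Sid = $_.IdentityReference.Value; Rights = $_.FileSystemRights }
        }
    }
}
```

Any row in the output means a low-privilege principal can modify a file or folder that a Dameware service loads from, which should be corrected regardless of the installed version.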
CVE-2025-26396 is a vulnerability in Dameware Mini Remote Control allowing attackers with local access to escalate privileges to SYSTEM level. It has a CVSS score of 7.8 (HIGH).
You are affected if you are using Dameware Mini Remote Control versions 12.3.1.20 or earlier. Check your version and upgrade accordingly.
Upgrade Dameware Mini Remote Control to version 12.3.2 or later to patch the vulnerability. If immediate upgrade is not possible, implement stricter local account privilege controls.
As of June 2, 2025, there are no confirmed reports of active exploitation, but the vulnerability has been added to the CISA KEV catalog, indicating a medium probability.
Refer to the official SolarWinds security advisory for detailed information and updates: [https://www.solarwinds.com/securityadvisories](https://www.solarwinds.com/securityadvisories)