Platform: windows
Component: dameware-mini-remote-control-service
Fixed in: 12.3.2
CVE-2025-26396 describes a Privilege Escalation vulnerability discovered in SolarWinds Dameware Mini Remote Control. Successful exploitation allows an attacker with local access and a low-privilege account to elevate their privileges on the affected system. This vulnerability impacts versions of Dameware Mini Remote Control up to and including 12.3.1.20, and a fix is available in version 12.3.2.
This vulnerability presents a significant risk to organizations using Dameware Mini Remote Control. An attacker who has already gained a foothold on a system, even with limited privileges, can leverage this flaw to escalate their access to SYSTEM level privileges. This grants them complete control over the compromised machine, enabling them to install malware, steal sensitive data, modify system configurations, and potentially move laterally within the network. The requirement for local access limits the immediate impact to systems directly accessible by an attacker, but the potential for privilege escalation significantly expands the blast radius of a successful compromise.
CVE-2025-26396 was publicly disclosed on June 2, 2025. As of this date, there are no publicly available proof-of-concept exploits. The vulnerability has been added to the CISA KEV catalog, indicating a medium probability of exploitation. Organizations should prioritize patching to mitigate the risk.
Exploit Status
EPSS: 0.02% (5th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-26396 is to upgrade Dameware Mini Remote Control to version 12.3.2 or later. If immediate upgrading is not feasible due to compatibility concerns or testing requirements, consider implementing stricter local account privilege controls and limiting the use of Dameware Mini Remote Control to only essential tasks. Review existing access controls and ensure that only authorized personnel have access to systems running Dameware Mini Remote Control. While a direct WAF rule is unlikely, monitoring for unusual process execution originating from the Dameware Mini Remote Control service can provide early detection.
Upgrade Dameware Mini Remote Control Service to version 12.3.2 or later. This update fixes the local privilege escalation vulnerability caused by incorrect permissions. The new version is available on the SolarWinds website.
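One way to implement the process-execution monitoring suggested above, as an added example that is not part of the original advisory and is not SolarWinds code: it reads process-creation events that use Sysmon Event ID 1 field names and reports children of the service that fall outside a baseline. The service image name, the baseline entry and the sample events are placeholders constructed for illustration.

```python
import json
import ntpath

# Placeholder, not from the advisory: set to the file name of the Dameware
# Mini Remote Control service binary in your installation.
SERVICE_IMAGE = "dameware-service-placeholder.exe"

# Constructed sample events (Sysmon Event ID 1 field names); the last is truncated.
SAMPLE_EVENTS = r"""
{"UtcTime": "2025-06-03 09:14:02", "Computer": "ws-017", "User": "NT AUTHORITY\\SYSTEM", "ParentImage": "C:\\Example\\DAMEWARE-SERVICE-PLACEHOLDER.EXE", "Image": "C:\\Windows\\System32\\cmd.exe"}
{"UtcTime": "2025-06-03 09:15:40", "Computer": "ws-017", "User": "CORP\\alice", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\cmd.exe"}
{"UtcTime": "2025-06-03 09:20:11", "Computer": "ws-022", "User": "NT AUTHORITY\\SYSTEM", "ParentImage": "C:\\Example\\dameware-service-placeholder.exe", "Image": "C:\\Example\\session-helper-placeholder.exe"}
{"UtcTime": "2025-06-03 09:21:
"""


def _name(path):
    """Lower-cased file name of a Windows path; '' when the field is missing."""
    return ntpath.basename(path or "").lower()


def find_unexpected_children(log_text, service_image=SERVICE_IMAGE, baseline=()):
    """Return (findings, skipped): children of the service outside the baseline,
    and the number of lines that could not be parsed as an event."""
    allowed = {name.lower() for name in baseline}
    findings, skipped = [], 0
    for line in filter(None, map(str.strip, log_text.splitlines())):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            event = None
        if not isinstance(event, dict):
            skipped += 1  # truncated or non-event line: count it, do not crash
            continue
        if _name(event.get("ParentImage")) != service_image.lower():
            continue  # not started by the remote-control service
        child = _name(event.get("Image"))
        if child not in allowed:
            findings.append({"time": event.get("UtcTime"), "host": event.get("Computer"),
                             "user": event.get("User"), "child": child})
    return findings, skipped


if __name__ == "__main__":
    hits, bad = find_unexpected_children(
        SAMPLE_EVENTS, baseline={"session-helper-placeholder.exe"})
    for hit in hits:
        print(hit)
    print(f"{bad} unparseable line(s) skipped")
```

Build the baseline from child processes observed during normal remote-control sessions in your own environment; with an empty baseline every child of the service is reported.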
CVE-2025-26396 is a vulnerability in Dameware Mini Remote Control allowing attackers with local access to escalate privileges to SYSTEM level. It has a CVSS score of 7.8 (HIGH).
You are affected if you are using Dameware Mini Remote Control versions 12.3.1.20 or earlier. Check your version and upgrade accordingly.
Upgrade Dameware Mini Remote Control to version 12.3.2 or later to patch the vulnerability. If immediate upgrade is not possible, implement stricter local account privilege controls.
As of June 2, 2025, there are no confirmed reports of active exploitation, but the vulnerability has been added to the CISA KEV catalog, indicating a medium probability.
Refer to the official SolarWinds security advisory for detailed information and updates: https://www.solarwinds.com/securityadvisories