Platform
windows
Component
dameware-mini-remote-control-service
Fixed in
12.3.2
CVE-2025-26396 describes a Privilege Escalation vulnerability discovered in SolarWinds Dameware Mini Remote Control. Successful exploitation allows an attacker with local access and a low-privilege account to elevate their privileges on the affected system. This vulnerability impacts versions of Dameware Mini Remote Control up to and including 12.3.1.20, and a fix is available in version 12.3.2.
This vulnerability presents a significant risk to organizations using Dameware Mini Remote Control. An attacker who has already gained a foothold on a system, even with limited privileges, can leverage this flaw to escalate their access to SYSTEM level privileges. This grants them complete control over the compromised machine, enabling them to install malware, steal sensitive data, modify system configurations, and potentially move laterally within the network. The requirement for local access limits the immediate impact to systems directly accessible by an attacker, but the potential for privilege escalation significantly expands the blast radius of a successful compromise.
CVE-2025-26396 was publicly disclosed on June 2, 2025. As of this date, there are no publicly available proof-of-concept exploits. The vulnerability has been added to the CISA KEV catalog, indicating a medium probability of exploitation. Organizations should prioritize patching to mitigate the risk.
Organizations heavily reliant on remote administration tools like Dameware Mini Remote Control, particularly those with legacy systems or configurations that grant broad local access privileges, are at increased risk. Shared hosting environments where multiple users share access to the same server are also vulnerable.
• windows / supply-chain:
Get-Process -Name DamewareMiniRemoteControl | Select-Object -ExpandProperty Id
• windows / supply-chain:
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4688} | Where-Object { $_.Message -like '*DamewareMiniRemoteControl*' }
• windows / supply-chain:
reg query "HKLM\SOFTWARE\SolarWinds\Dameware\Mini Remote Control" /v Version
Exploit Status
EPSS
0.02% (percentile 5%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-26396 is to upgrade Dameware Mini Remote Control to version 12.3.2 or later. If immediate upgrading is not feasible due to compatibility concerns or testing requirements, consider implementing stricter local account privilege controls and limiting the use of Dameware Mini Remote Control to only essential tasks. Review existing access controls and ensure that only authorized personnel have access to systems running Dameware Mini Remote Control. While a direct WAF rule is unlikely, monitoring for unusual process execution originating from the Dameware Mini Remote Control service can provide early detection.
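The version check and the process-execution monitoring described above can be combined in one script. This is an added example, not SolarWinds code: the registry path, value name, process name and fixed version are taken from this page, while the function names, the 7-day lookback and the use of the 4688 `ParentProcessName` field (Windows 10 / Server 2016 and later, with process-creation auditing enabled) are assumptions.

```powershell
# Added example. Values marked "from the page" come from the advisory text; the rest are assumptions.
param(
    [string]$RegPath       = 'HKLM:\SOFTWARE\SolarWinds\Dameware\Mini Remote Control', # from the page
    [string]$ValueName     = 'Version',                                                # from the page
    [version]$FixedIn      = '12.3.2',                                                 # from the page
    [string]$ParentPattern = '*DamewareMiniRemoteControl*', # from the page; adjust to the service binary on your hosts
    [int]$Days             = 7                              # assumed lookback window
)

# Compare the installed version with the fixed release. [version] compares
# component by component, so 12.3.1.20 sorts below 12.3.2.
function Test-DamewareVersion {
    param([string]$Path, [string]$Name, [version]$Fixed)
    $raw = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    if (-not $raw) { return [pscustomobject]@{ Installed = $null; Status = 'NotFound' } }
    $parsed = $null
    if (-not [version]::TryParse($raw, [ref]$parsed)) {
        return [pscustomobject]@{ Installed = $raw; Status = 'Unparsed' }
    }
    $status = if ($parsed -lt $Fixed) { 'Vulnerable' } else { 'Patched' }
    [pscustomobject]@{ Installed = $parsed; Status = $status }
}

# List process-creation events (4688) whose parent image matches the Dameware pattern.
# CommandLine is only populated when command-line auditing is enabled.
function Get-DamewareChildProcess {
    param([string]$Pattern, [int]$LookbackDays)
    $filter = @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddDays(-$LookbackDays) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['ParentProcessName'] -like $Pattern) {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Parent  = $data['ParentProcessName']
                Child   = $data['NewProcessName']
                User    = $data['SubjectUserName']
                CmdLine = $data['CommandLine']
            }
        }
    }
}

Test-DamewareVersion -Path $RegPath -Name $ValueName -Fixed $FixedIn
Get-DamewareChildProcess -Pattern $ParentPattern -LookbackDays $Days | Sort-Object Time
```

Run it from an elevated session, since reading the Security log requires administrative rights.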
Upgrade Dameware Mini Remote Control Service to version 12.3.2 or later. This update fixes the local privilege escalation vulnerability caused by incorrect permissions. The new version is available on the SolarWinds website.
CVE-2025-26396 is a vulnerability in Dameware Mini Remote Control allowing attackers with local access to escalate privileges to SYSTEM level. It has a CVSS score of 7.8 (HIGH).
You are affected if you are using Dameware Mini Remote Control versions 12.3.1.20 or earlier. Check your version and upgrade accordingly.
Upgrade Dameware Mini Remote Control to version 12.3.2 or later to patch the vulnerability. If immediate upgrade is not possible, implement stricter local account privilege controls.
As of June 2, 2025, there are no confirmed reports of active exploitation, but the vulnerability has been added to the CISA KEV catalog, indicating a medium probability.
Refer to the official SolarWinds security advisory for detailed information and updates: [https://www.solarwinds.com/securityadvisories](https://www.solarwinds.com/securityadvisories)