SolarWinds Dameware Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability
Platform
windows
Component
dameware-mini-remote-control-service
Fixed version
12.3.2
CVE-2025-26396 describes a Privilege Escalation vulnerability discovered in SolarWinds Dameware Mini Remote Control. Successful exploitation allows an attacker with local access and a low-privilege account to elevate their privileges on the affected system. This vulnerability impacts versions of Dameware Mini Remote Control up to and including 12.3.1.20, and a fix is available in version 12.3.2.
Impact and attack scenarios
This vulnerability presents a significant risk to organizations using Dameware Mini Remote Control. An attacker who has already gained a foothold on a system, even with limited privileges, can leverage this flaw to escalate their access to SYSTEM level privileges. This grants them complete control over the compromised machine, enabling them to install malware, steal sensitive data, modify system configurations, and potentially move laterally within the network. The requirement for local access limits the immediate impact to systems directly accessible by an attacker, but the potential for privilege escalation significantly expands the blast radius of a successful compromise.
Exploitation context
CVE-2025-26396 was publicly disclosed on June 2, 2025. As of this date, there are no publicly available proof-of-concept exploits. The vulnerability has been added to the CISA KEV catalog, indicating a medium probability of exploitation. Organizations should prioritize patching to mitigate the risk.
Who is at risk
Organizations heavily reliant on remote administration tools like Dameware Mini Remote Control, particularly those with legacy systems or configurations that grant broad local access privileges, are at increased risk. Shared hosting environments where multiple users share access to the same server are also vulnerable.
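Detection steps
• windows / supply-chain:
# Is the Dameware process running? Prints its process ID(s).
Get-Process -Name DamewareMiniRemoteControl | Select-Object -ExpandProperty Id
• windows / supply-chain:
# Process-creation events (4688) that mention the Dameware process.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } | Where-Object { $_.Message -like '*DamewareMiniRemoteControl*' }
• windows / supply-chain:
# Installed version, to compare against the fixed version 12.3.2.
reg query "HKLM\SOFTWARE\SolarWinds\Dameware\Mini Remote Control" /v Version
Attack timeline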
- Disclosure
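Threat intelligence
Exploitation status
EPSS
0.02% (5th percentile)
CISA SSVC
CVSS vector
What do these metrics mean?
- Attack Vector
- Local: the attacker needs a local session or shell on the system.
- Attack Complexity
- Low: no special conditions are required; the vulnerability can be exploited reliably.
- Privileges Required
- Low: any valid user account is sufficient.
- User Interaction
- None: the attack is automatic and silent; no action by the victim is required.
- Scope
- Unchanged: the impact is limited to the vulnerable component itself.
- Confidentiality
- High: total loss of confidentiality; the attacker can read all data.
- Integrity
- High: the attacker can write, modify, or delete any data.
- Availability
- High: complete crash or resource exhaustion; total denial of service.
Affected software
Weakness classification (CWE)
Timeline
- Reserved
- Published
- Modified
- EPSS updated
Mitigations and workarounds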
The primary mitigation for CVE-2025-26396 is to upgrade Dameware Mini Remote Control to version 12.3.2 or later. If immediate upgrading is not feasible due to compatibility concerns or testing requirements, consider implementing stricter local account privilege controls and limiting the use of Dameware Mini Remote Control to only essential tasks. Review existing access controls and ensure that only authorized personnel have access to systems running Dameware Mini Remote Control. While a direct WAF rule is unlikely, monitoring for unusual process execution originating from the Dameware Mini Remote Control service can provide early detection.
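The monitoring idea above, as an added PowerShell example (not code from SolarWinds or from the original page): it flags Security event 4688 records whose parent process is the Dameware process. The process-name pattern is the one this page uses in its detection steps; the function names, allowlist, sample records and paths are constructed assumptions.

```powershell
# Added example. Parent pattern reuses the process name shown in the detection
# steps; adjust it to the binary name actually installed on your hosts.
function ConvertFrom-Event4688 {
    # Flatten a live Security 4688 EventLogRecord into the fields used below.
    param([Parameter(Mandatory, ValueFromPipeline)] $LogEvent)
    process {
        $d = @{}
        foreach ($n in ([xml]$LogEvent.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            TimeCreated       = $LogEvent.TimeCreated
            SubjectUserName   = $d['SubjectUserName']
            NewProcessName    = $d['NewProcessName']
            ParentProcessName = $d['ParentProcessName']
            CommandLine       = $d['CommandLine']   # empty unless command-line auditing is enabled
        }
    }
}

function Find-DamewareChildProcess {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Record,
        [string]   $ParentPattern   = '*DamewareMiniRemoteControl*',
        [string[]] $AllowedChildren = @()   # hypothetical baseline of expected child images
    )
    process {
        # Keep only processes started by the Dameware process...
        if ($Record.ParentProcessName -notlike $ParentPattern) { return }
        # ...and drop children that are part of the known-good baseline.
        $child = ($Record.NewProcessName -split '\\')[-1]
        if ($AllowedChildren -contains $child) { return }
        $Record | Select-Object TimeCreated, SubjectUserName, ParentProcessName, NewProcessName, CommandLine
    }
}

# Constructed sample records (not real log data) so the logic runs offline.
$parent = 'C:\Example\DamewareMiniRemoteControl.exe'   # constructed path
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2025-06-03T09:14:02'; SubjectUserName = 'HOST01$'
        NewProcessName = 'C:\Windows\System32\cmd.exe'; ParentProcessName = $parent; CommandLine = 'cmd.exe /c whoami' }
    [pscustomobject]@{ TimeCreated = [datetime]'2025-06-03T09:15:40'; SubjectUserName = 'HOST01$'
        NewProcessName = 'C:\Example\helper.exe'; ParentProcessName = $parent; CommandLine = 'helper.exe' }
    [pscustomobject]@{ TimeCreated = [datetime]'2025-06-03T09:16:11'; SubjectUserName = 'alice'
        NewProcessName = 'C:\Windows\System32\notepad.exe'; ParentProcessName = 'C:\Windows\explorer.exe'; CommandLine = 'notepad.exe' }
)
$sample | Find-DamewareChildProcess -AllowedChildren 'helper.exe'

# Live use (elevated prompt; needs process-creation auditing enabled):
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } | ConvertFrom-Event4688 | Find-DamewareChildProcess
```

The `ParentProcessName` field is only present in 4688 events on Windows 10 / Server 2016 and later.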
Remediation
Update Dameware Mini Remote Control Service to version 12.3.2 or later. This update fixes the local privilege escalation vulnerability caused by incorrect permissions. The new version is available on the SolarWinds website.
Frequently asked questions
What is CVE-2025-26396 — Privilege Escalation in Dameware Mini Remote Control?
CVE-2025-26396 is a vulnerability in Dameware Mini Remote Control allowing attackers with local access to escalate privileges to SYSTEM level. It has a CVSS score of 7.8 (HIGH).
Am I affected by CVE-2025-26396 in Dameware Mini Remote Control?
You are affected if you are using Dameware Mini Remote Control versions 12.3.1.20 or earlier. Check your version and upgrade accordingly.
How do I fix CVE-2025-26396 in Dameware Mini Remote Control?
Upgrade Dameware Mini Remote Control to version 12.3.2 or later to patch the vulnerability. If immediate upgrade is not possible, implement stricter local account privilege controls.
Is CVE-2025-26396 being actively exploited?
As of June 2, 2025, there are no confirmed reports of active exploitation, but the vulnerability has been added to the CISA KEV catalog, indicating a medium probability.
Where can I find the official SolarWinds advisory for CVE-2025-26396?
Refer to the official SolarWinds security advisory for detailed information and updates: [https://www.solarwinds.com/securityadvisories](https://www.solarwinds.com/securityadvisories)