CVE-2025-26396

HIGH 7.8

SolarWinds Dameware Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

The SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability.

CWE	CWE-269
Vendor	solarwinds
Product	dameware mini remote control service
Published	Jun 2, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for solarwinds dameware mini remote control service

Be the first to know when new high vulnerabilities affecting solarwinds dameware mini remote control service are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

SolarWinds / Dameware Mini Remote Control Service

12.3.1.20 and prior versions

References

NVD ↗ CVE.org ↗ EPSS Data ↗

solarwinds.com: https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-26396 documentation.solarwinds.com: https://documentation.solarwinds.com/en/success_center/dameware/content/release_notes/dameware_12-3-2_release_notes.htm

Credits

Alexander Pudwill working with Trend Zero Day Initiative