Advisory

SolarWinds releases new version of Self-Hosted Platform, patches multiple flaws

Take action: If you are running the self-hosted SolarWinds Platform, plan an update. This release patches an OpenSSL vulnerability whose severity has been debated. Don't fall into the trap of that debate. It's not a panic-mode patch, but make sure to update your product soon.


Learn More

SolarWinds has released version 2025.1 of its Platform Self-Hosted software. The update includes fixes for five vulnerabilities: three affect the SolarWinds Platform directly and two affect third-party components.

Vulnerability summary

  • CVE-2024-5535 (CVSS score 9.1) - Allows buffer overflow attacks enabling access to sensitive data. While OpenSSL developers rated it as low risk, SolarWinds' implementation makes it critical.
  • CVE-2024-6119 (CVSS score 7.5) - OpenSSL vulnerability enabling denial-of-service attacks
  • CVE-2024-52612 (CVSS score 6.8) - Reflected Cross-Site Scripting vulnerability
  • CVE-2024-52606 (CVSS score 3.5) - Server-side request forgery vulnerability
  • CVE-2024-52611 (CVSS score 3.5) - Information disclosure through error messages

For new SolarWinds Platform deployments, download the installation file from the SolarWinds Platform product page on https://www.solarwinds.com or from the Customer Portal.

For upgrades, go to Settings > My Deployment to initiate the upgrade. The SolarWinds Installer upgrades your entire deployment (all SolarWinds Platform products and any scalability engines).

 
