CVE-2024-52606: 
SolarWinds Platform vulnerability analysis and mitigation

CVE-2024-52606 is a server-side request forgery (SSRF) vulnerability affecting the SolarWinds Platform. The vulnerability was discovered and disclosed on February 11, 2025, impacting SolarWinds Platform versions 2024.4.1 and earlier. The issue stems from improper input sanitation that could allow for malicious web requests (SolarWinds Advisory).

The vulnerability is classified as a Server-Side Request Forgery (SSRF) vulnerability (CWE-918). According to the National Vulnerability Database, the CVSS v3.1 base scores differ between assessments: NIST rates it as Critical with a score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), while SolarWinds rates it as Low with a score of 3.5 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) (NVD).

The vulnerability could potentially allow an attacker to make malicious web requests through the affected SolarWinds Platform. The impact is rated as Low by SolarWinds, with potential for limited integrity impact (SolarWinds Advisory).

SolarWinds has released version 2025.1 which addresses this vulnerability. Users are advised to upgrade to this version to mitigate the risk (Release Notes).