CVE-2024-52611: 
SolarWinds Platform vulnerability analysis and mitigation

The SolarWinds Platform was identified with an information disclosure vulnerability (CVE-2024-52611) through an error message. The vulnerability was discovered and disclosed on February 11, 2025, affecting SolarWinds Platform versions 2024.4.1 and older. While the disclosed information is not considered sensitive, it could potentially be leveraged by attackers for further malicious activities (SolarWinds Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 3.5 (Low severity) with the following vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The vulnerability is classified under CWE-209 (Generation of Error Message Containing Sensitive Information). The technical assessment indicates that the vulnerability requires adjacent network access, low attack complexity, and low privileges to exploit, with no user interaction needed (NVD).

The impact of this vulnerability is considered low, as it only allows for information disclosure through error messages. While the exposed information itself is not deemed sensitive, it could potentially be used by attackers to facilitate other malicious activities or gain insights into the system's configuration (SolarWinds Advisory).

SolarWinds has addressed this vulnerability in Platform version 2025.1. Users are advised to upgrade to this version to mitigate the risk (SolarWinds Advisory, Release Notes).

The vulnerability was responsibly disclosed and acknowledged by SolarWinds, with credit given to security researchers Vicky Malekar, Ravi Khanchani and the Techsa SolarWinds Team for discovering and reporting the issue (SolarWinds Advisory).